Security breach at Linux Foundation

ronjor · Sep 11, 2011

The Linux Foundation has mailed users of the Linux.com and LinuxFoundation.org sites informing them that they discovered a security breach on 8 September which "may have compromised your username, password, email address and other information". The Foundation says that it believes the breach is connected to the security breach at kernel.org at the start of September.
Click to expand...

http://www.h-online.com/security/news/item/Security-breach-at-Linux-Foundation-1340733.html

J_L · Sep 11, 2011

Wow, does that affect the admins as well?

GrailVanGogh · Sep 11, 2011

J_L said:

Wow, does that affect the admins as well?
Click to expand...

It would IMO be a smart move for everyone on that site to change their passwords.

fsr · Sep 12, 2011

Linux Foundation Confirms Malware Attack

dw426 · Sep 12, 2011

fsr said:

Linux Foundation Confirms Malware Attack
Click to expand...

What the heck is up with that link? Using Firefox 8, I go to the site and am immediately redirected to the mobile version of it, which doesn't contain the article.

fsr · Sep 12, 2011

Works fine for me. Anyway please don't shoot the messenger.

dw426 · Sep 12, 2011

fsr said:

Works fine for me. Anyway please don't shoot the messenger.
Click to expand...

Lol, not shooting at you. I've just not seen that happen on FF before

fsr · Sep 12, 2011

Linux Foundation has just issued an update,

*** UPDATE***

We want to thank you for your questions and your support. We hope this FAQ can help address some of your inquiries.

Q: When will Linux Foundation services, such as events, training and Linux.com be back online?

Our team is working around the clock to restore these important services. We are working with authorities and exercising both extreme caution and diligence. Services will begin coming back online in the coming days and will keep you informed every step of the way.

Q: Were passwords stored in plaintext?

The Linux Foundation does not store passwords in plaintext. However an attacker with access to stored password would have direct access to conduct a brute force attack. An in-depth analysis of direct-access brute forcing, as it relates to password strength, can be read at http://www.schneier.com/blog/archives/2007/01/choosing_secure.html. We encourage you to use extreme caution, as is the case in any security breach, and discontinue the use of that password if you re-use it across other sites.

Q: Does my Linux.com email address work?

Yes, Linux.com email addresses are working and safe to use.

Q: What do you know about the source of the attack?

We are aggressively investigating the source of the attack. Unfortunately, we can't elaborate on this for the time being.

Q: Is there anything I can do to help?

We want to thank everyone who has expressed their support while we address this breach. We ask you to be patient as we do everything possible to restore services as quickly as possible.
Click to expand...

http://www.linux.com/

PJC · Sep 13, 2011

Linux world in security spinout as Linux Foundation and Kernel.org remain "temporarily unavailable"

Gullible Jones · Sep 15, 2011

Just FWIW, Linux kernel development has moved to GitHub, so the source code still flows: https://github.com/torvalds/linux

tlu · Sep 19, 2011

And here is why one should not worry about the integrity of the kernel source after this incident.

Log in or Sign up

Security breach at Linux Foundation

ronjor Global Moderator

J_L Registered Member

GrailVanGogh Registered Member

fsr Registered Member

dw426 Registered Member

fsr Registered Member

dw426 Registered Member

fsr Registered Member

PJC Very Frequent Poster

Gullible Jones Guest

tlu Guest

Improving Linux Security with DevSecOps

10 best Linux distros for privacy fiends and security buffs in 2017

GNU/Linux Security: A look at QubesOS

An Important Linux Kernel Security Patch Is Available for CentOS 7, Update Now

Linux kernel gets patch for 11-year-old local-root-hole security bug

Log in or Sign up

Security breach at Linux Foundation

ronjor Global Moderator

J_L Registered Member

GrailVanGogh Registered Member

fsr Registered Member

dw426 Registered Member

fsr Registered Member

dw426 Registered Member

fsr Registered Member

PJC Very Frequent Poster

Gullible Jones Guest

tlu Guest

Improving Linux Security with DevSecOps

10 best Linux distros for privacy fiends and security buffs in 2017

GNU/Linux Security: A look at QubesOS

An Important Linux Kernel Security Patch Is Available for CentOS 7, Update Now

Linux kernel gets patch for 11-year-old local-root-hole security bug

Useful Searches