The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    Hackers break into Linux source code site

    Discussion in 'Linux Compatibility and Software' started by Evil Claw, Sep 1, 2011.

  1. Evil Claw

    Evil Claw Notebook Evangelist

    FYI just in case you missed it or were affected by it.

    LINK
     
  2. chimpanzee

    chimpanzee Notebook Virtuoso

    Rootkit in action.
     
  3. ThinkRob

    ThinkRob Notebook Deity

    It's important to note that compromising kernel.org != compromising the kernel source. That's nearly impossible to do without folks noticing.

    For more detail on why this is, you might be interested in checking out this article by Jonathan Corbet (editor of LWN).

    Summary: the public-facing kernel.org servers were compromised. Barring a hitherto-discovered break of SHA1, the kernel source was not.
     
  4. Aluminum

    Aluminum Notebook Consultant

    This comic sums up these kinds of events often reported in the media:

    xkcd: CIA
     
  5. H.A.L. 9000

    H.A.L. 9000 Occam's Chainsaw

  6. ThinkRob

    ThinkRob Notebook Deity

    Temporarily, while they rebuild the boxes. After which the GitHub repo will be a mirror.

    Also, since git is a distributed VCS, saying that it will "move" to GitHub is a little inaccurate.
     
  7. talin

    talin Notebook Prophet

    Haha, isn't Linux open source? So why bother breaking in to steal code, when it's freely available? Or did I miss something? :p (no I didn't bother reading the article)
     
  8. Hungry Man

    Hungry Man Notebook Virtuoso

    The issue is that if they can WRITE to the source code, anyone who compiles from that site will download malicious software. They can build malware straight into the OS.
     
  9. chimpanzee

    chimpanzee Notebook Virtuoso

    Very few people would just download and compile that way.

    If you are responsible for a distro, you would be using git (most likely) and doing a pull. Since each change needs to be signed off and most probably reviewed as well, it is very difficult to slip in malicious code this way.

    If you are not managing your self-compiled kernel this way, you are not supposed to be compiling your own kernel (no one can stop anyone from killing themselves) :)
     
  10. ThinkRob

    ThinkRob Notebook Deity

    Nope. git doesn't work that way.

    At best the attackers could modify the mirrored tarballs, but since the private keys used to sign them weren't on the box (at least AFAIK) that too would be easily caught.
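
Added example (not part of any post in this thread): a minimal Python re-implementation of how git names blobs, trees and commits, showing why altering a file anywhere in history changes the tip commit ID that every existing clone already holds. The file contents, author line and commit messages are constructed for illustration.

```python
import hashlib

def git_object_id(obj_type, body):
    # git names every object by SHA-1 over "<type> <size>\0" + body
    header = f"{obj_type} {len(body)}\0".encode()
    return hashlib.sha1(header + body).hexdigest()

def tree_id(files):
    # Flat directory only: entries sorted by name, each "mode name\0" + raw 20-byte blob id
    body = b"".join(
        b"100644 " + name.encode() + b"\0"
        + bytes.fromhex(git_object_id("blob", data))
        for name, data in sorted(files.items())
    )
    return git_object_id("tree", body)

def commit_id(tree, parent, message):
    # Constructed identity and timestamp, fixed so the ids are reproducible
    who = "Example Dev <dev@example.invalid> 1314835200 +0000"
    lines = [f"tree {tree}"]
    if parent:
        lines.append(f"parent {parent}")  # the parent's id is part of the hashed body
    lines += [f"author {who}", f"committer {who}", "", message, ""]
    return git_object_id("commit", "\n".join(lines).encode())

def build_history(files_v1, files_v2):
    # Two-commit history; returns (first commit id, tip commit id)
    c1 = commit_id(tree_id(files_v1), None, "initial import")
    c2 = commit_id(tree_id(files_v2), c1, "second change")
    return c1, c2

def tip_matches(known_tip, files_v1, files_v2):
    # What a developer's clone effectively checks when it fetches from a server
    return build_history(files_v1, files_v2)[1] == known_tip

# Constructed sample repository contents
GOOD_V1 = {"Makefile": b"all:\n\tcc main.c\n", "main.c": b"int main(void) { return 0; }\n"}
GOOD_V2 = dict(GOOD_V1, **{"main.c": b"int main(void) { return 1; }\n"})
# Server-side rewrite of an OLD commit only; the latest tree is left identical
TAMPERED_V1 = dict(GOOD_V1, **{"Makefile": b"all:\n\tcc main.c # altered\n"})

if __name__ == "__main__":
    good_tip = build_history(GOOD_V1, GOOD_V2)[1]
    print("known-good tip:", good_tip)
    print("tampered tip:  ", build_history(TAMPERED_V1, GOOD_V2)[1])
    print("clone accepts tampered history:", tip_matches(good_tip, TAMPERED_V1, GOOD_V2))
```

Even though the newest tree is byte-for-byte identical in both histories, the tip ID differs because each commit hashes its parent's ID; the same chaining is why a signed tag over one commit ID covers everything beneath it.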
     
  11. ALLurGroceries

    ALLurGroceries  Vegan Vermin Super Moderator

    Linux.com was compromised too, I got an email about it today telling me to change my password.

    For anyone confused about git security, read this: https://lkml.org/lkml/2011/9/4/92

    P.S. I'm running 3.1-rc5 and it's oopsing all over the place. :p :p
     
  12. Evil Claw

    Evil Claw Notebook Evangelist

    FYI, found this this morning:

    LINK
     
  13. ALLurGroceries

    ALLurGroceries  Vegan Vermin Super Moderator

    Merged into existing thread. ;)
     
  14. niffcreature

    niffcreature ex computer dyke

    Maybe they just added some bug fixes that have been in the suggested backports repository or whatever for years. :D