Kernel.org Compromised

First time accepted submitter JoeF writes "There is a note posted on the main kernel.org page indicating that kernel.org was compromised earlier this month: 'Earlier this month, a number of servers in the kernel.org infrastructure were compromised. We discovered this August 28th. While we currently believe that the source code repositories were unaffected, we are in the process of verifying this and taking steps to enhance security across the kernel.org infrastructure.' The note goes on to say that it is unlikely to have affected the source code repositories, due to the nature of git."

Oops

[drolli]

This is bad. Would the same thing happen to MS i dont think /.ers would skip the possibility to bash them.

Re:Oops

[jrbrtsn]

If the same thing happened to Microsoft, Microsoft wouldn't let anybody know.

Re:Oops

[realityimpaired]

But more seriously, the fact of the matter is, most of the tripe spewed against Microsoft hasn't been true since the pre-XP era. This combines with idiots who don't comprehend what security actually is, and buy into the, "LINUX IS TOTALLY SECURE! LOLZ!" crap.

Ok... I'll bite.... I will concede that Windows is a lot more secure than some folks will have you believe, but there is still one glaringly huge security flaw in Windows that would be ridiculously easy for Microsoft to fix: the accounts created during install time are all administrative accounts.

To its credit, Windows will allow you to change those accounts to non-administrative, and it will give you the option of creating non-administrative accounts when you later go in to the user cp, but by default, it still makes everybody an administrator unless explicitly told not to.

Now... the fundamentals of securing a Windows system are exactly the same as the fundamentals of securing a Linux system: don't run any unnecessary daemons, particularly daemons that listen to outside connections, and be careful what you allow to run on your computer. When possible, run anything that executes arbitrary code (like, say, Flash or Silverlight) sandboxed, or not at all. And above all, apply all security updates as soon as they're available. (well, assuming your source of security patches didn't get compromised....)

It's not hard to lock down a Windows system, and all of the above has been doable since NT3.1 in 1993. But as long as its default setting is for users to have administrative access, and it doesn't require any kind of secondary authentication to run programs with elevated permissions (and don't get me started on the debacle that is UAC), then Windows is *not* as secure as most Linux distros. The average user is simply not going to go out of their way to lock down a system once they have gone through the initial setup, and with that in mind, Windows is defective by design. It's in the name of usability, which is certainly understandable, but don't paint it with rose coloured glasses: you can achieve the same level of security under Windows, but you have to do more to reach it.

Re:Wishful thinking

And seriously, why else would you hack kernel.org?

he's talking about tarballs

[bill_mcgonigle]

The files are in a git repository. That's what matters, not what you wrap around it to provide for requests.

So http://www.kernel.org/pub/linux/kernel/v3.0/linux-3.0.4.tar.bz2 gets pulled dynamically from git?

the kernel developers Who Matter

Are you saying users don't?

Re:he's talking about tarballs

%Y-%m-%d please! Americans...

Re:Wishful thinking

[msauve]

"why else would you hack kernel.org?"

1337 points.

YMD sorts

[perpenso]

Yeah, like I need to be reminded what year it is on a daily basis.

Actually YMD is useful because it sorts.