Slashdot Mirror


Linux Foundation, Linux.com Sites Down To Fix Security Breach

An anonymous reader writes "All Linux Foundation sites seem to be down due to a security breach, which occurred on 8 Sep. (according to a notice displayed on the site)." From the email I received this morning, sent to all Linux.com and LinuxFoundation.org users: "On September 8, 2011, we discovered a security breach that may have compromised your username, password, email address and other information you have given to us. We believe this breach was connected to the intrusion on kernel.org. As with any intrusion and as a matter of caution, you should consider the passwords and SSH keys that you have used on these sites compromised. ... We have taken all Linux Foundation servers offline to do complete re-installs. Linux Foundation services will be put back up as they become available. We are working around the clock to expedite this process and are working with authorities in the United States and in Europe to assist with the investigation."


  1. SSH keys? by betterunixthanunix · Score: 2

    Uh...isn't the point of using public keys that you do not have to keep them secret to remain secure? If people uploaded their public keys to the compromised systems...how is that a problem?

    --
    Palm trees and 8
    1. Re:SSH keys? by dbrian1 · Score: 2

      I don't see why having private keys on a server would be less secure than having these on your laptop/phone, which is much easier to steal or borrow...

      My laptop is only vulnerable to theft by people I am in physical contact with and is generally my responsibility to secure while connected to the Internet. Placing SSH keys on a server means I'm giving these keys and any access they grant to the admins of said server and am placing my trust in them to keep them secure. This is fine for automated trust relationships between hosts but not generally a good idea for personal keys.

  2. More Info, and Announcement Content by LinuxScribe · Score: 4, Informative

    A few more details of the breach, including the content of the message from the Linux Foundation, can be found on ITWorld.

    LinuxScribe

  3. Re:Pro-hacker when I want by Elbereth · Score: 2

    Do you ever post anything other than instructions on how to mod other posts?

  4. This is the right way to do it by Pop69 · Score: 2

    Not like when a CA gets its webserver compromised, has a quick self audit and then declares everything is OK, really, honest....

    Assume everything is compromised unless you can prove otherwise and get the staff in on overtime to reinstall from scratch.