Slashdot Mirror


Linux Foundation Sites Restored

LinuxScribe writes "The Linux Foundation has quietly restored all of the websites it took down following the September 2011 breach that affected Linux.com and all other Foundation websites--an attack that was linked to the August 2011 breach of kernel.org. But one website won't be coming back: the Linux Developer Network, launched in 2008. Content from the site will now be hosted across all of the Linux Foundation's web properties."


  1. bugzilla.kernel.org... by Anonymous Coward · · Score: 1

    ...is still down, which is IMHO a huge problem for the Linux kernel as bug reports (and even patches) just vanish into thin air...

  2. Re:Not Everything by noobermin · · Score: 5, Informative

    This is about the Linux Foundation sites, not kernel.org.

  3. What about a post mortem? by benjymouse · · Score: 3, Interesting

    Why has the Linux Foundation not offered an explanation for what went wrong and how the intruders gained access? Specifically, how could the intruders root the servers starting from compromised user credentials as has been alleged?

    --
    Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
    1. Re:What about a post mortem? by Anonymous Coward · · Score: 1

      Normally when there is a breach in any system the companies keep all of the details quiet, unless the breach affected costumer, user, or employee data. With that said, just be happy that they haven't released that much information about the attack because that means they already know who did it, the breach was limited, or it will not affect the community at all once the sites are fully restored.

    2. Re:What about a post mortem? by julian67 · · Score: 5, Informative

      I strongly agree. They promised they would publish an account but so far have failed to do so. On kernel.org they wrote "We will be writing up a report on the incident in the future." but I suppose "the future" in this case translates to "never" or even "mind your own business because it's embarrassing".

      They are also still using a signing key which has been publicly stated to be compromised. From http://kernel.org/signature.html

      "The current Linux Kernel Archives OpenPGP key is always posted here, including any revocation certificates which may be outstanding on older keys.

      This signature does not guarantee that the Linux Kernel Archives master site itself has not been compromised. However, if we suffer an intrusion we will revoke the key and post information here as quickly as possible."

      I find it amazing that after over 4 months this simple act of revoking the bad key has still not been carried out. Even though a signed tarball doesn't guarantee much in the end, the fact that an important organisation can publicly make such a statement and then fail to honour it is actually disgraceful. It's a demonstration of bad faith in itself, and in combination with their failure to be frank about how root was gained on multiple sites and servers, is an indication of untrustworthiness of the most uncomplicated type.

      Claiming to be open and honest is in no way a satisfactory substitute for being open and honest.

    3. Re:What about a post mortem? by lsatenstein · · Score: 1

      Maybe the reason they do not comment is that the servers were not Linux ones. Or, the way the hackers got in is not yet determined.

      --
      Leslie Satenstein Montreal Quebec Canada
    4. Re:What about a post mortem? by tepples · · Score: 1

      "Costumer"? As in someone who puts together apparel for a play or a movie?

  4. Re:Wow by MichaelSmith · · Score: 1

    These people already have jobs.

  5. Re:Wow by Ramin_HAL9001 · · Score: 3, Informative

    These people already have jobs.

    Also, Linux is one of the most mission-critical bits of software on the planet, used heavily in finance, internet backbones, and social networking. I'd rather they be overly cautious about bringing their sites back online, than do it hurriedly and let a backdoor exploit go undetected.

  6. Re:Wow by Anonymous Coward · · Score: 1

    You spelled BSD wrong

  7. Use OpenBSD by unixisc · · Score: 1

    At least, they don't have problems like this.

  8. Re:Linux = BAD IDEA (for security in 2011) by alantus · · Score: 1

    If only he had posted this once, maybe someone would take it seriously, but now he just looks like a douchebag.

    I'm all for an open internet and everything, but it just takes one moron to ruin the whole thing for many others.
    The obvious solutions to prevent this kind of abuse would degrade the whole experience for everybody else:
    - require registration to submit comments (no more AC)
    - even more restrictions on submitting comments than what we currently have

  9. Re:Wow by oneeighty · · Score: 2

    Go give someone a winblows and get blue screen all over your face!

  10. When the hell can the post filter be updated? by Anonymous Coward · · Score: 1

    Seriously, it's time slashdot implemented an apk filter. If your spam filter allows trolls like him to shit all over a discussion, it ain't working. IP Blocking == fine with me.

  11. Re:Linux Security Blunders DOMINATE in 2011 by alantus · · Score: 1

    "- require registration to submit comments (no more AC) - even more restrictions on submitting comments than what we currently have" - by alantus (882150) on Thursday January 05, @07:11AM (#38594530)

    Attempts @ censoring fact/truth indicates FEAR on your part. Here's some facts/truths for you to chew on goof:

    Fear of what exactly? (In case you don't get it: its a rhetorical question, don't bother to answer it).
    I never disputed your "facts/truths", I never even read them. Maybe everything you say is true: Linux security sucks and Windows rules, but since you came off as a complete douche, why would anybody care to dispute your "facts/truths" in a serious and constructive conversation? Instead we chose to do the obvious and treat you like the moron you appear to be.

  12. Re:99.999% uptime for MS (& Linux = "DOWN") by galanom · · Score: 1

    Linux gets used @ smallfry sites because they can't afford higher quality Windows stuff like big companies above obviously can!

    Are you aware that >92% of TOP500 supercomputers run linux? (and the rest UNIX)

  13. It's possible that ... by Cherubim1 · · Score: 1

    ... the security breach was internal. That would explain their reluctance to comment on this breach in detail.