cancel
Showing results for 
Search instead for 
Did you mean: 

Linux security problem

Community Veteran
Posts: 8,616
Thanks: 960
Fixes: 9
Registered: ‎02-08-2007

Linux security problem

Not sure if this affects anyone on this forum,
Linux Foundation infrastructure including LinuxFoundation.org, Linux.com, and their subdomains are down for maintenance due to a security breach that was discovered on September 8, 2011. The Linux Foundation made this decision in the interest of extreme caution and security best practices. We believe this breach was connected to the intrusion on kernel.org.
We are in the process of restoring services in a secure manner as quickly as possible. As with any intrusion and as a matter of caution, you should consider the passwords and SSH keys that you have used on these sites compromised. If you have reused these passwords on other sites, please change them immediately. We are currently auditing all systems and will update this statement when we have more information.
We apologize for the inconvenience. We are taking this matter seriously and appreciate your patience. The Linux Foundation infrastructure houses a variety of services and programs including Linux.com, Open Printing, Linux Mark, Linux Foundation events and others, but does not include the Linux kernel or its code repositories.
Please contact us at info@linuxfoundation.org with questions about this matter.
The Linux Foundation
2 REPLIES
Waldo
Grafter
Posts: 473
Registered: ‎01-08-2007

Re: Linux security problem

Quote from: gleneagles
Not sure if this affects anyone on this forum,

More likely to affect developers / maintainers than us mere mortals I think (though I have occassionally downloaded the latest stable kernel source from kernel.org - which is still down). I've seen reports that the kernel.org intrusion was the result of a compromised user account; it seems unlikely any source code has been compromised.
Community Veteran
Posts: 6,773
Thanks: 258
Fixes: 21
Registered: ‎16-02-2009

Re: Linux security problem

The kernel.org says that all the source files were protected by sha1 keys, so if someone modified them it would show a change.
As to Linux.com NEVER visited it  Grin