<p>Boia... inquietante... e mi lamentavo io </p>
<div class="gmail_quote">Il giorno 02/set/2011 11:46, "Leandro Noferini" <<a href="mailto:lnoferin@cybervalley.org">lnoferin@cybervalley.org</a>> ha scritto:<br type="attribution">> ----- Forwarded message from lilo <<a href="mailto:al3lilo@autistici.org">al3lilo@autistici.org</a>> -----<br>
> <br>> From: lilo <<a href="mailto:al3lilo@autistici.org">al3lilo@autistici.org</a>><br>> To: <a href="mailto:hackmeeting@inventati.org">hackmeeting@inventati.org</a><br>> Subject: [Hackmeeting] <a href="http://kernel.org">kernel.org</a><br>
> <br>> -----BEGIN PGP SIGNED MESSAGE-----<br>> Hash: SHA1<br>> <br>> FYI.<br>> <br>> Kernel.org, where the vanilla Linux kernel and other Linux related code<br>> is stored, has been hacked in early August.<br>
> The Kernel.org admins believe that the intruder gained access through a<br>> compromised account and then used software bugs to get root access to<br>> the Hera server where Torvalds Linux repository is located.<br>
> The breach was noticed due to a suspicious error message on the affected<br>> server on August 28th.<br>> <br>> The Kernel.org guys are currently investigating the case. They are also<br>> planning to do a full reinstall on all Kernel.org boxes.<br>
> They are also checking all the code they're hosting for manipulations.<br>> Of course, manipulating the Linux source code and adding a backdoor<br>> without anyone noticing would be a valuable target for any cracker.<br>
> <br>> But the nature of Git makes it very unlikely that any changes done to<br>> existing code in the repository would be unnoticed.<br>> Details on why that is are explained in a posting on the Linux<br>> foundation's website:<br>
> <br>> <a href="http://linux-foundation.org/weblogs/lwf/2011/08/31/the-cracking-of-kernelorg/">linux-foundation.org/weblogs/lwf/2011/08/31/the-cracking-of-kernelorg/</a><br>> <br>> The chances that someone with root access on Kernel.org could add a<br>
> commit under Torvalds name to his git repository without Torvalds<br>> noticing are almost zero too. This is explained in detail here:<br>> <a href="http://git-blame.blogspot.com/2011/08/how-to-inject-malicious-commit-to-git.html">git-blame.blogspot.com/2011/08/how-to-inject-malicious-commit-to-git.html</a><br>
> <br>> You can find the Kernel.org news item on their main webpage: <a href="http://kernel.org/">kernel.org/</a><br>> <br>> <br>> - -- <br>> ~lilo~<br>> AnonOps: "2008: Obama promises to scrap the Patriot Act.<br>
> February 2011: Patriot Act extended.<br>> August 2011: Patriot Act used against @Wikileaks #Oct26"<br>> -----BEGIN PGP SIGNATURE-----<br>> Version: GnuPG v1.4.10 (GNU/Linux)<br>> Comment: Using GnuPG with Mozilla - <a href="http://enigmail.mozdev.org/">http://enigmail.mozdev.org/</a><br>
> <br>> iQEcBAEBAgAGBQJOYKUVAAoJEOT1EWeY7nJikiAH/2HD/nwX1Wcqb8rZHx5OssmV<br>> qeS3nmHISNz/VhCV3/1r3Z2KZlGtCpbCsh4zgphtoKj6BKK+3TwTC56MdG/YCRbf<br>> u4MQXNbY1pmNHyaYPAr0U7wi1eRWexm2aZ2MvqfJAbtBvK55yaocQyyoHXmwrhRt<br>
> 50j5qeNT9wJVzMyKB/oDEjmyqrYgkDBkx8AmClTlVQLueJgTI2Yayj0ohjXRgXdI<br>> 7wvi+rjPNVE3rEyjUBsvBiBcpR0gXEOwgPG4h1nB2Em1yO/upNHARYED0w7FhaQY<br>> 3u/I4EMzBkJ7YkyyDe+i4EnOgu3TCbQ3RAFJMJvjr9tbK6wRBfpLlLs0OWNbHCY=<br>> =rQ5e<br>
> -----END PGP SIGNATURE-----<br>> _______________________________________________<br>> Hackmeeting mailing list<br>> <a href="mailto:Hackmeeting@inventati.org">Hackmeeting@inventati.org</a><br>> <a href="https://www.autistici.org/mailman/listinfo/hackmeeting">https://www.autistici.org/mailman/listinfo/hackmeeting</a><br>
> <br>> ----- End forwarded message -----<br>> _______________________________________________<br>> flug mailing list<br>> <a href="mailto:flug@lists.linux.it">flug@lists.linux.it</a><br>> <a href="http://lists.linux.it/listinfo/flug">http://lists.linux.it/listinfo/flug</a><br>
</div>