[Flug] [al3lilo@autistici.org: [Hackmeeting] kernel.org]

Leandro Noferini lnoferin@cybervalley.org
Ven 2 Set 2011 11:47:55 CEST


----- Forwarded message from lilo <al3lilo@autistici.org> -----

From: lilo <al3lilo@autistici.org>
To: hackmeeting@inventati.org
Subject: [Hackmeeting] kernel.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

FYI.

Kernel.org, where the vanilla Linux kernel and other Linux related code
is stored, has been hacked in early August.
The Kernel.org admins believe that the intruder gained access through a
compromised account and then used software bugs to get root access to
the Hera server where Torvalds Linux repository is located.
The breach was noticed due to a suspicious error message on the affected
server on August 28th.

The Kernel.org guys are currently investigating the case. They are also
planning to do a full reinstall on all Kernel.org boxes.
They are also checking all the code they're hosting for manipulations.
Of course, manipulating the Linux source code and adding a backdoor
without anyone noticing would be a valuable target for any cracker.

But the nature of Git makes it very unlikely that any changes done to
existing code in the repository would be unnoticed.
Details on why that is are explained in a posting on the Linux
foundation's website:

linux-foundation.org/weblogs/lwf/2011/08/31/the-cracking-of-kernelorg/

The chances that someone with root access on Kernel.org could add a
commit under Torvalds name to his git repository without Torvalds
noticing are almost zero too. This is explained in detail here:
git-blame.blogspot.com/2011/08/how-to-inject-malicious-commit-to-git.html

You can find the Kernel.org news item on their main webpage: kernel.org/


- -- 
~lilo~
AnonOps: "2008: Obama promises to scrap the Patriot Act.
February 2011: Patriot Act extended.
August 2011: Patriot Act used against @Wikileaks #Oct26"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJOYKUVAAoJEOT1EWeY7nJikiAH/2HD/nwX1Wcqb8rZHx5OssmV
qeS3nmHISNz/VhCV3/1r3Z2KZlGtCpbCsh4zgphtoKj6BKK+3TwTC56MdG/YCRbf
u4MQXNbY1pmNHyaYPAr0U7wi1eRWexm2aZ2MvqfJAbtBvK55yaocQyyoHXmwrhRt
50j5qeNT9wJVzMyKB/oDEjmyqrYgkDBkx8AmClTlVQLueJgTI2Yayj0ohjXRgXdI
7wvi+rjPNVE3rEyjUBsvBiBcpR0gXEOwgPG4h1nB2Em1yO/upNHARYED0w7FhaQY
3u/I4EMzBkJ7YkyyDe+i4EnOgu3TCbQ3RAFJMJvjr9tbK6wRBfpLlLs0OWNbHCY=
=rQ5e
-----END PGP SIGNATURE-----
_______________________________________________
Hackmeeting mailing list
Hackmeeting@inventati.org
https://www.autistici.org/mailman/listinfo/hackmeeting

----- End forwarded message -----


Maggiori informazioni sulla lista flug