[Flug] [al3lilo@autistici.org: [Hackmeeting] kernel.org]
alessio chemeri
alessio.chemeri@gmail.com
Ven 2 Set 2011 12:48:57 CEST
Boia... inquietante... e mi lamentavo io
Il giorno 02/set/2011 11:46, "Leandro Noferini" <lnoferin@cybervalley.org>
ha scritto:
> ----- Forwarded message from lilo <al3lilo@autistici.org> -----
>
> From: lilo <al3lilo@autistici.org>
> To: hackmeeting@inventati.org
> Subject: [Hackmeeting] kernel.org
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> FYI.
>
> Kernel.org, where the vanilla Linux kernel and other Linux related code
> is stored, has been hacked in early August.
> The Kernel.org admins believe that the intruder gained access through a
> compromised account and then used software bugs to get root access to
> the Hera server where Torvalds Linux repository is located.
> The breach was noticed due to a suspicious error message on the affected
> server on August 28th.
>
> The Kernel.org guys are currently investigating the case. They are also
> planning to do a full reinstall on all Kernel.org boxes.
> They are also checking all the code they're hosting for manipulations.
> Of course, manipulating the Linux source code and adding a backdoor
> without anyone noticing would be a valuable target for any cracker.
>
> But the nature of Git makes it very unlikely that any changes done to
> existing code in the repository would be unnoticed.
> Details on why that is are explained in a posting on the Linux
> foundation's website:
>
> linux-foundation.org/weblogs/lwf/2011/08/31/the-cracking-of-kernelorg/
>
> The chances that someone with root access on Kernel.org could add a
> commit under Torvalds name to his git repository without Torvalds
> noticing are almost zero too. This is explained in detail here:
> git-blame.blogspot.com/2011/08/how-to-inject-malicious-commit-to-git.html
>
> You can find the Kernel.org news item on their main webpage: kernel.org/
>
>
> - --
> ~lilo~
> AnonOps: "2008: Obama promises to scrap the Patriot Act.
> February 2011: Patriot Act extended.
> August 2011: Patriot Act used against @Wikileaks #Oct26"
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iQEcBAEBAgAGBQJOYKUVAAoJEOT1EWeY7nJikiAH/2HD/nwX1Wcqb8rZHx5OssmV
> qeS3nmHISNz/VhCV3/1r3Z2KZlGtCpbCsh4zgphtoKj6BKK+3TwTC56MdG/YCRbf
> u4MQXNbY1pmNHyaYPAr0U7wi1eRWexm2aZ2MvqfJAbtBvK55yaocQyyoHXmwrhRt
> 50j5qeNT9wJVzMyKB/oDEjmyqrYgkDBkx8AmClTlVQLueJgTI2Yayj0ohjXRgXdI
> 7wvi+rjPNVE3rEyjUBsvBiBcpR0gXEOwgPG4h1nB2Em1yO/upNHARYED0w7FhaQY
> 3u/I4EMzBkJ7YkyyDe+i4EnOgu3TCbQ3RAFJMJvjr9tbK6wRBfpLlLs0OWNbHCY=
> =rQ5e
> -----END PGP SIGNATURE-----
> _______________________________________________
> Hackmeeting mailing list
> Hackmeeting@inventati.org
> https://www.autistici.org/mailman/listinfo/hackmeeting
>
> ----- End forwarded message -----
> _______________________________________________
> flug mailing list
> flug@lists.linux.it
> http://lists.linux.it/listinfo/flug
-------------- parte successiva --------------
Un allegato HTML è stato rimosso...
URL: <http://lists.linux.it/pipermail/flug/attachments/20110902/fd18fd7b/attachment.htm>
Maggiori informazioni sulla lista
flug