[ale] Security breach on kernel.org

Michael H. Warfield mhw at WittsEnd.com
Thu Sep 1 09:21:06 EDT 2011


On Thu, 2011-09-01 at 08:42 -0400, Jim Kinney wrote: 
> Major bad news. They host loads of code.

Read the articles.  Several machines were compromised but not all.
Compromised machines have been taken off line for diagnostics and
reinstallation.  A number of developers (close to 500) are having to
change their ssh keys, which sucks.

Bad but highly unlikely to have any impact on the source code thanks to
the nature of git and the highly distributed development model along
with cryptographically secure hashes and history on every single file.
They'd need a time machine to go back and poke changes into past sources
and change sets and they'd need a transporter to get to all the
thousands of machines hosting git repos at developer sites for
their development.  They're validating the change sets
and hashes but it's unlikely to contain anything and it's unlikely the
sources have been contaminated.  Unexpected changes should show up
rapidly to the subsystem maintainers as unexpected conflicts or
validation checks or unapproved change sets.

http://www.linux.com/news/featured-blogs/171-jonathan-corbet/491001-the-cracking-of-kernelorg

He points out that the sources are distributed from kernel.org but are
developed on and hosted all over the world.

Regards,
Mike

> On Sep 1, 2011 8:14 AM, "Watson, Keith" <krwatson at cc.gatech.edu> wrote:
> > Security breach on kernel.org
> > https://www.kernel.org/
> >
> > Earlier this month, a number of servers in the kernel.org infrastructure
> > were compromised. We discovered this August 28th. While we currently believe
> > that the source code repositories were unaffected, we are in the process of
> > verifying this and taking steps to enhance security across the
> > kernel.org infrastructure.
> >
> >
> > There is more information on their home page.
> >
> > keith
> >
> > --
> >
> > Keith R. Watson Georgia Institute of Technology
> > IT Support professional Lead College of Computing
> > keith.watson at cc.gatech.edu 801 Atlantic Drive NW
> > (404) 385-7401 Atlanta, GA 30332-0280
> >
> >
> >
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://mail.ale.org/mailman/listinfo/ale
> > See JOBS, ANNOUNCE and SCHOOLS lists at
> > http://mail.ale.org/mailman/listinfo
> 

-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
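
The hash chaining the message above relies on, as an added example that is not part of the original post: a simplified Python model of git object IDs showing that altering a file in an old commit changes the ID of that commit and of every later one, so any independent clone disagrees with the altered copy. The blob hashing matches git's; the tree and commit layouts are simplified, and the file names and contents are constructed.

```python
import hashlib

def obj_id(kind, body):
    """Git-style object ID: SHA-1 over '<kind> <length>\\0' followed by the body."""
    return hashlib.sha1(f"{kind} {len(body)}\0".encode() + body).hexdigest()

def commit_id(files, parent, msg):
    # Simplified tree: sorted "<blob id> <path>" lines (real git trees are binary).
    listing = "\n".join(f"{obj_id('blob', data)} {path}"
                        for path, data in sorted(files.items()))
    tree = obj_id("tree", listing.encode())
    # Simplified commit: tree ID, parent ID and message (no author or date fields).
    body = f"tree {tree}\n" + (f"parent {parent}\n" if parent else "") + f"\n{msg}\n"
    return obj_id("commit", body.encode())

def build_history(snapshots):
    """Return the commit IDs for a sequence of (files, message) snapshots."""
    ids, parent = [], None
    for files, msg in snapshots:
        parent = commit_id(files, parent, msg)
        ids.append(parent)
    return ids

def first_divergence(server_ids, clone_ids):
    """Index of the first commit where a server's history differs from a clone's."""
    for i, (a, b) in enumerate(zip(server_ids, clone_ids)):
        if a != b:
            return i
    return None

# Constructed sample history (not real kernel sources).
HISTORY = [
    ({"auth.c": b"check_uid();\n"}, "add auth check"),
    ({"auth.c": b"check_uid();\n", "net.c": b"listen();\n"}, "add net"),
    ({"auth.c": b"check_uid();\n", "net.c": b"listen(80);\n"}, "set port"),
]

# A developer's independent clone of the history.
CLONE = build_history(HISTORY)

# A server copy in which only the oldest snapshot of auth.c was altered.
TAMPERED = [(dict(files), msg) for files, msg in HISTORY]
TAMPERED[0][0]["auth.c"] = b"skip_check();\n"
SERVER = build_history(TAMPERED)

if __name__ == "__main__":
    print("first divergent commit:", first_divergence(SERVER, CLONE))
    for s, c in zip(SERVER, CLONE):
        print(s[:12], c[:12], "MISMATCH" if s != c else "ok")
```

The later commits carry the same file contents in both copies and still mismatch, because each commit ID covers its parent's ID.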