The Linux kernel site was hacked around the time the popular operating system celebrated its 20th anniversary on August 25. In a post on the site, the organisation admitted that “a number of servers in the kernel.org infrastructure were compromised”.
The discovery was made on August 28 but the kernel team did not say when the hack occurred as logs are still under forensic examination. The post added that it is not thought the source code repositories were affected.
There is also a check being made of all the code within Git, a revision control system devised by Linus Torvalds who created Linux. The team is also testing the tarballs, composites of archived files, to affirm that nothing has been modified.
European and US authorities have been notified of the breach.
In its statement, the kernel.org managers said, “The Linux community and kernel.org take the security of the kernel.org domain extremely seriously, and are pursuing all avenues to investigate this attack and prevent future ones.”
The hack will not affect the code in the long term because the Git system encrypts all of the Linux files, almost 40,000, with a SHA-1 hash which defines the exact contents of the original files. Throughout development, Git names each file version according to the complete development history leading up to the current version. Once published, it is “not possible to change the old versions without it being noticed”.
When it comes to sound versions of the files, the backup system of Linux code is too complex for a hacker to be able to damage any file. Copies are held on Kernel.org mirror sites and on thousands of servers owned by the developers and distribution maintainers in the Linux community. Many o the developers update these personal repositories every day and changes would be noticed and flagged up immediately.
All 448 users who maintain kernel.org are changing their authentication details and Secure Shell (SSH) keys. In addition, security policies are being audited.
A detailed log of what is known so far has also been included in the disclosure:
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…
View Comments
Happy 20th Linux :)
Wow, what a party!