Several of the Linux community’s key websites have been unavailable since late last week following a security breach discovered on Thursday, according to the Linux Foundation.
The Foundation, a non-profit group created to help fuel the growth of Linux, has taken down LinuxFoundation.org, Linux.com and their subdomains for maintenance following the breach, which it believes to be connected to an attack on kernel.org in August.
“The Linux Foundation made this decision in the interest of extreme caution and security best practices,” the Foundation said in a statement on linux.com.
“If you have reused these passwords on other sites, please change them immediately,” the Foundation stated.
The Linux Foundation infrastructure powers various services but doesn’t include the Linux kernel or its code repositories.
The Linux kernel site, linux.org, was hacked around the time the popular operating system celebrated its 20th anniversary on 25 August. In a post on the site at the time, the organisation admitted that “a number of servers in the kernel.org infrastructure were compromised”.
The kernel team took the affected systems offline, backed them up and started to re-install them. It was also planning to re-install all of the kernel.org servers just to be sure that there was nothing unknown lurking on any other parts of the infrastructure.
There is a check being made of all the code within Git, a revision control system devised by Linus Torvalds who created Linux. The team is also testing the tarballs, composites of archived files, to affirm that nothing has been modified. European and US authorities were notified of the breach.
The recent attacks may actually mean positive publicity for Linux, according to Sophos security researcher Paul Ducklin.
“The ‘Linux is a nothing more than a hobby product’ naysayers will be compelled to admit that the operating system really is part of the Big Time. Why else would kernel.org be in the sights of cybercrooks?” he wrote on a Sophos blog. “And Linux itself will emerge almost entirely unscathed because if any dodgy changes are found in the codebase, there will be a public record of them getting rolled back and order restored.”
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…
View Comments
The Linux community have spent years berating the rest of the world for using unsecure systems, with a particular boast that the Linux apache web software is far more secure than anything else.
Still got hacked though, just like the rest of the real world !!
@ Mike - the security concerns for Linux is significantly less prevalent than that of Microsoft and Windows desktop and server platforms hacking's. Where there is a will there is a way and no system is perfect- also, details are still emerging as to how these websites became compromised and it could have been the result of an application and not the actual kernel itself (whereas Windows is generally insecure from ring0 up). Linux and its kernel, as a whole, is exponentially more secure than Windows and its entire platform combined.
Agree with Mike, you would have expected Linux to follow their own preachings, they can download the free version of our Authentication security http://www.liveensure.com just one of the layers they seem to have overlooked.
LiveEnsure.
I agree with you LiveEnsure,
I think your software is ridden with bugs and should be taken as an example.
Sincerely,
Hate Spammers
OMG, the linux.org html code is a beauty! :)
""
They really use a windows only HTML editor?
Hun, didn't you realise that the correct way of adding a margin above some text is to errrr insert four empty paragraphs....
lol
Haha! This proves that Linux systems have no better security than any other operating system!