Linux.com, Linux Foundation Sites Breached
Believed to be connected to kernel.org attack
The Linux Foundation is reporting this morning that their web sites, including Linux.com, are down for a complete reinstall following a discovered security breach.
The breach was discovered on September 8, and affects Linux.com, LinuxFoundation.org, and all attendant subdomains of those web properties, according to an e-mail sent out early Sunday morning (East Coast time). Kernel.org, though not explicitly described in the e-mail, was also down for maintenance as of 1010 EDT.
The message, sent to all registered members of those sites, strongly emphasized that any passwords or SSH keys used on those sites should be considered compromised and affected members should keep that in mind, particularly if they have reused their passwords on other sites.
Interestingly, the Linux Foundation's e-mail did answer the question that is sure to be on everyone's minds: "We believe this breach was connected to the intrusion on kernel.org."
The most recent theory about the kernel.org intrusion is that it was perpetrated by crackers who really had no idea what they had stumbled upon and therefore were unable to truly capitalize on breaking into kernel.org in late August. But now it seems the hacking actions were much more widespread. The timing of the discovery and announcement is sure to raise eyebrows: the security breach on kernel.org occurred on Aug. 12 and was not discovered for 17 days. If the Linux Foundation sites were attacked at or around the same time, that could mean the security breaches on Linux.com went undetected for 27 days (and that it was 30 days until the breaches were made public).
Linux.com is not connected with the Linux kernel or software development in any way. It serves as a news, information, and community site for anyone interested in the Linux operating system. LinuxFoundation.org serves as a front door for the Linux Foundation, and hosts several subdomains, such as the Linux Developer Network and the Linux Foundation video site. Some working groups are also hosted on LinuxFoundation.org subdomains, though it is not clear which, if any, of these subdomains were affected.
[Disclosure: I was the Community Manager for the Linux Foundation in 2008-2009, and managed the content for many of these sites.]
Given the content of the sites affected and their purpose, there is zero danger any Linux kernel development was affected in any way as a result of these breaches reported today. But it is clear that whoever orchestrated these attacks, whether they were script kiddies on a joyride or someone with more sinister motives, has created an embarrassing situation for the Linux Foundation at best.
The content of the message from the Linux Foundation follows.
"Attention Linux.com and LinuxFoundation.org users,
"We are writing you because you have an account on Linux.com, LinuxFoundation.org, or one of the subdomains associated with these domains. On September 8, 2011, we discovered a security breach that may have compromised your username, password, email address and other information you have given to us. We believe this breach was connected to the intrusion on kernel.org.
"As with any intrusion and as a matter of caution, you should consider the passwords and SSH keys that you have used on these sites compromised. If you have reused these passwords on other sites, please change them immediately. We are currently auditing all systems and will update public statements when we have more information.
"We have taken all Linux Foundation servers offline to do complete re-installs. Linux Foundation services will be put back up as they become available. We are working around the clock to expedite this process and are working with authorities in the United States and in Europe to assist with the investigation.
"The Linux Foundation takes the security of its infrastructure and that of its members extremely seriously and is pursuing all avenues to investigate this attack and prevent future ones. We apologize for this inconvenience and will communicate updates as we have them.
"Please contact us at firstname.lastname@example.org with questions about this matter.
"The Linux Foundation"
Read more of Brian Proffitt's Open for Discussion blog and follow the latest IT news at ITworld.