In case anyone is living under a rock and missed it (like me), sometime in August multiple kernel.org servers were rooted, and linux.com was also compromised in a related breach. Both sites are still offline. Not only does kernel.org host the Linux kernel source code (which has now been temporarily moved), but it also hosts mirrors for many Linux distros. It is claimed that “the attackers did not really understand the significance of the servers they’d breached and were unable to capitalize on the attack”, and that no tampering has been found in the kernel source code or distro mirrors. If true, call this very lucky, yet this is another example showing that Linux developers need to take file authentication protocols more seriously.
Earlier this year, I spent considerable time exposing and discussing Arch Linux’s long-term negligence in their distro’s security practices, which prompted me to discontinue my use of Arch Linux. It turns out that kernel.org hosts a primary Arch mirror, and were those files compromised, anyone using that mirror to update their system would have been silently infected. (Note that the breach was not discovered by kernel.org for two weeks.) There are ongoing discussions of this on:
Reddit: Kernel.org (Arch’s main mirror) compromised
Arch Forum: kernel.org – Security Breach.
Additional info on the kernel.org breach: