Linux sites recovering from attack - slowly
By Nicole Kobie
Posted on 6 Oct 2011 at 09:38
One Linux site hit by a hack a month ago has come back online, but the main Linux.com remains offline.
Last month, a hacking attack targeting the kernel and user passwords lead to a trio of Linux sites - kernel.org, linux.org and linuxfoundation.org - being taken offline to fix the flaw.
The kernel.org site acknowledged the attack in a statement on the now-recovered main page, saying it used the downtime to rebuild the site.
"Because of this, we have taken the time to rearchitect the site in order to improve our systems for developers and users of kernel.org," the statement read.
We have taken the time to rearchitect the site in order to improve our systems for developers and users
"Right now, www.kernel.org and git.kernel.org have been brought back online," it said. "All developer git trees have been removed from git.kernel.org and will be added back as the relevant developers regain access to the system.
"Thanks to all for your patience and understanding during our outage and please bear with us as we bring up the different kernel.org systems over the next few weeks."
The site promised a full report on the incident "in the future". The main Linux.org site remained offline, with a message promising "we are returning soon".
Paul Ducklin, a security researcher with Sophos, wondered whether the "extended recovery time" was a good move or a "negative result".
"Clearly, the kernel chaps have refused to rush their comeback. That's good," he wrote in a post on the Sophos blog. "But with many weeks already past, and some weeks still to go for a full recovery, you'd be forgiven for asking, 'Where's the legendary malware resilience in Linux itself?'"
From around the web
Just like Android?
Admittedly I'm not sure if Android is Linux based or Java based (that might depend on the Oracle court case) but whichever it is, it seems Android is susceptible to a lot of malware in the same way that Linux has shown itself to be here.
By SwissMac on 6 Oct 2011 
I Hear Silence
From the smug Linux fan boys who have ear bashed the rest of us for years.
Oh the bliss of seeing those chickens coming home to roost.
By RedForest on 6 Oct 2011
@swissmac
Oh dear, you really don't understand. This wasn't malware it was a hack.
However I do suspect that the Linux guys have had to do therapy to recover from thinking they were invincible.
By milliganp on 6 Oct 2011
@swissmac
Maybe it is time for you to learn the difference between a operating system (kernel) and a programming language/platform.
By Riddler on 7 Oct 2011
Wow, check out Sophos getting the boot in there.
By steviesteveo12 on 7 Oct 2011
Security...
Most (professional) Linux users have never taken security for granted. We, like professional OS X and Windows users, patch regularly and test our websites and servers for standard/known attack vectors.
Nobody who actually understands how a computer works ever takes security for granted, regardless of the platform used.
But in this case, it was a WEBSITE that was hacked, not malware on the OS.
It is a fairly poor show, to see how long it has taken them to get back on-line, but without knowing the details of the attack, we can't really comment on why it took so long.
But look at the CA hacks lately, they had nothing to do with the security of the OS, the weakness there can be defined as PEBKAC - the admin used such a weak password, it was almost funny, if it hadn't meant that it opened up an attack vector for man-in-the-middle attacks for the whole Internet and caused the company to go bankrupt.
By big_D on 8 Oct 2011
Silence from the newsreaders...
I admit using linux at home, but I cannot keep quiet here. The kernel source repository is hacked, all information is disclosed and open source code is recovered without incidents... Can you say the same would happen if one of the commercial closed source Operating Systems was atacked? Read the news at linux foundation and you will be certain that is not the Linux community that don't want to talk about it.
By jcmiguel on 12 Oct 2011
advertisement
- Laptop bag reviews: nine tested
- Sony VAIO T Series Ultrabook review: first look
- Revealed: the military standards and robots HP uses to test its laptops
- Windows 8: multi-monitors and double standards?
- Why is TalkTalk's year-old porn filter suddenly big news?
- Why are laptop screens so far behind mobiles?
- HP EliteBook Folio review: first look
- The shoebox-sized all-in-one printer
- Forget the Ultrabook: here comes the HP Sleekbook
- HP Spectre XT review: first look
- Why you have to be left in the dark on OS patches
- Publishing your email address isn't a security disaster
- Why antivirus is fighting a losing battle in your office
- Four year olds used to steal their parents' data
- An acceptable use policy for your kids
- Paying for your crimes with Bitcoin
- Pavement hacking: What it is and how to avoid it
- Google's risky pre-loaded pages
- Mac under attack: how secure is Apple's OS?
- Has your browser been hijacked?
advertisement
