In fact, they think it is related to the Kernel.org hack of last month.
Looks like the comments demonstrate some rather 'interesting’ views as well.
Somebody went so far as to blame it on people logging in from Windows PCs, as if this was somehow a guarantee that your user account could be compromised.
According to Ubuntu Forums, this is great news, because it means that Linux is becoming more well known and popular.
Yep, they like to claim that – someone should remind them about their favourite slogan: SekurByDezign™
“Somebody went so far as to blame it on people logging in from Windows PCs”
For what they know about security, they may even think that surfing the internetz with Windows may cause LAMP malfunction and/or DDOS.
Nice reference to the Ubuntu Forums, I’d like how the are wondering the who and why behind the attack.
Also found this post:
“I don’t think that the Linux Foundation (or kernel.org) itself is a lone target. the PlayStation Network, Citibank, as well as LastPass where all hacked recently and that’s just the ones I can name of the top of my head.”
I guess that to keep Linux InherentlySecure™, they need more Eyeballs to, oh wait…
“Just based on this email, we don’t know whether the Linux servers were hacked at all. All we know is that the attackers managed to get control of a shell account and escalate that to root. It could have been done through piggybacking on sudo or through an exploit. There’s no reason to start a Windows vs. Linux vs. whatever flamewar.
We don’t know if it was the Linux servers that got hacked? What, Linux.com is running on Windows servers?
Just love the hypocrisy here :) When Windows has a security issue its all Microsoft’s fault, but when a Linux server is hacked, its not only not the fault of the server operating system, but its not even the fault of the server administrators.
Because “this could be the result of a 0-day that can be exploited through the network, without authentication.” You know, those things Linux isn’t supposed to have because it is InherentlySecure™.
Wow, these guys have practiced the art of dissing others and staying together as one, and calling out the trolls when they attempt to change the subject: http://www.zdnet.com/tb/1-102583?tag=siu-container;talkback
Is ZDNet being taken back by competent people..?!
“We don’t know if it was the Linux servers that got hacked? What, Linux.com is running on Windows servers?
Just love the hypocrisy here :) When Windows has a security issue its all Microsoft’s fault, but when a Linux server is hacked, its not only not the fault of the server operating system, but its not even the fault of the server administrators.”
Well, since there really is no such thing as “Linux” as a single piece of software, every part can blame the other parts. In this particular example, that person’s argument is “Linux wasn’t hacked, it’s probably sudo that was exploited”.
In other words, for every argument you have against Linux, someone has a counterargument that part X is the problem, not Linux.
Of course, what I just described isn’t a problem in Linux, the problem is the Linux community ;)
Oh right… My bad. Somehow I constantly forget that… But hey, if Linux is supposed to be InherentlySecure™, shouldn’t the awesomeness that is the Linux kernel spill over and protect every component from every security issue imaginable? I mean, it is a magical operating system!
Though if it does end up being an issue with the kernel itself, who do they blame that on?
Like the commenters on that ZDNet article linked by Ian, I too would dearly like to see how the master of originality, SJVN, is going to spin this one XD
Welcome back to the reality of computing, Loons.
> Like the commenters on that ZDNet article linked by Ian, I too would dearly like to see how the master of originality, SJVN, is going to spin this one XD
It’ll be the usual “every operating system has security issues,” but as soon as Windows has any issue, they will be on it like white on rice and give the famous 10 reasons to switch because Windows had a booboo — something Linux doesn’t have.
Of course Microsoft.com has yet to succumb to such an attack, I even remember reading an article that Microsoft’s websites are attacked thousands of times per day — and so far, little success (I say little because I haven’t heard of any, but there probably have been some long ago). The article is somewhere in my StumbleUpon favorites, but I can’t remember the title. Oh well.
It doesn’t get any more InherentlySecure than that!
“Of course Microsoft.com has yet to succumb to such an attack, I even remember reading an article that Microsoft’s websites are attacked thousands of times per day — and so far, little success”
It’s because they have cool admins ;). So cool than won’t let the server sitting over there unwatched.
Darn it! I keep forgetting things… MicrosoftRunsOnLinux™! They just don’t have any exploitable components installed, is all!
Notice how kernel.org is down as well.
“Notice how kernel.org is down as well.”
He’s not down, he’s resting.
“He’s not down, he’s resting.”
Phew, for a moment I thought that a linux machine HAD TO be rebooted.
Of course it doesn’t need to be rebooted. It was hacked, not a screensaver update!
Pretty level headed comment?
Mind you, that a proprietor of security software should be so upbeat about a malware event is hardly surprising… Kerching!
“Linux has magic security smoke”
“Mind you, that a proprietor of security software should be so upbeat about a malware event is hardly surprising… Kerching!”
Well, I, for one, gave my hearty chuckle at the meltdown. Does that make me evil now?
From the comments:
“The point is you came off as a anti-linux nutjob”
Would Mafia$oft stoop so low? I think so.
“Would Mafia$oft stoop so low? I think so.”
Come on Adam, that comment is so lousy, old and tired that hard to make fun of it. I know you can make better.
You aren’t worthy to eat my sh!t, you two-faced scumbag.
“you two-faced scumbag”
Two-faced? at least could explain me why am I two faced?
Tip: Use FLOSS analogies for better understanding.
Don’t act like you don’t know. Or are you really that stupid?
Yes, Adam, we really are that stupid.
Now then. Go back to telling your teddy bear how much you love him.
He will understand.
Frugalware has also been attacked at about the same time. It’s not a question about some system exploit. A investigation proved it was a case of stolen user-name and password. No repository was compromised. Instead of plain ssh access by user-name and password a ssh key will now be necessary.
And in other news:
Earthquake in Chile. Not many dead.
Seriously: who the farg cares about Frugalware?
As of September 12th:
“Bringing back websites like kernel.org is more complex than one might think at first. This task list is very likely incomplete:Rebuild content making sure that nothing is compromisedRedesign the architecture (Isolate heavy-load servers from user-accessible machines)Implement new architecture, get new equipment delivered, design and review firewall rulesImplement monitoring tools to discover intrusionsProvision your users with accounts without using old keys and passwordsExecute a penetration test on the new setupDoing all these things right requires time. Hopefully they have support from folks who have experience in that, particularly the operational side of it.”
Well, that should be easy, then.
Expect the sites back up some time after hydrogen runs out.
(And yes, Kim, I know it was a joke.)
“Seriously: who the farg cares about Frugalware?”
In the context that both had a similar back door installed. Hence it could well be more than a coincidence.
You should address that question to the one/ones bothering to care about the Frugalware infrastructure enough to steel username and passwords and install that backdoor. Someone cared. Why? I don’t know.
Not that I care, but somebody else might.
This security exploit affects Frugalware, right? Some bunch of divots I have not yet come across.
It also affects the kernel Loons. A bunch of divots who are famous across the globe.
Seems to me that, if there’s a connection at all, the people at Frugalware have seriously pissed somebody off.
Other than that, it’s just your blah Linux blah Do You Hate Us Becoz We Is Secure? blah nonsense.
To quote Frugalware is an exceptionally fine case of straw man argument.
“To quote Frugalware is an exceptionally fine case of straw man argument.”
Relax, I didn’t add this incident with any specific purpose, and certainly not as an argument for… For what would it be an argument? You mean that a heap of straws is frugal cloths of a poor man?
You must be signed in to leave comments.