#1 Posted by pete_mw on Sep 12, 2011 7:07 AM

Looks like the comments demonstrate some rather ‘interesting’ views as well.

Somebody went so far as to blame it on people logging in from Windows PCs, as if this was somehow a guarantee that your user account could be compromised.

#2 Posted by _sw on Sep 12, 2011 7:18 AM

According to Ubuntu Forums, this is great news, because it means that Linux is becoming more well known and popular.

#3 Posted by ReverseControllerSE on Sep 12, 2011 7:46 AM

Yep, they like to claim that – someone should remind them about their favourite slogan: SekurByDezign™

#4 Posted by masterLoki on Sep 12, 2011 11:36 AM

“Somebody went so far as to blame it on people logging in from Windows PCs”

For what they know about security, they may even think that surfing the internetz with Windows may cause LAMP malfunction and/or DDOS.

#5 Posted by masterLoki on Sep 12, 2011 11:48 AM

@_SW

Nice reference to the Ubuntu Forums, I like how they are wondering the who and why behind the attack.

Also found this post:

“I don’t think that the Linux Foundation (or kernel.org) itself is a lone target. The PlayStation Network, Citibank, as well as LastPass were all hacked recently and that’s just the ones I can name off the top of my head.”

I guess that to keep Linux InherentlySecure™, they need more Eyeballs to, oh wait…

#6 Posted by Ian on Sep 12, 2011 12:23 PM

Love it!

“Just based on this email, we don’t know whether the Linux servers were hacked at all. All we know is that the attackers managed to get control of a shell account and escalate that to root. It could have been done through piggybacking on sudo or through an exploit. There’s no reason to start a Windows vs. Linux vs. whatever flamewar.

[...]”

We don’t know if it was the Linux servers that got hacked? What, Linux.com is running on Windows servers?

Just love the hypocrisy here :) When Windows has a security issue it’s all Microsoft’s fault, but when a Linux server is hacked, it’s not only not the fault of the server operating system, but it’s not even the fault of the server administrators.

Because “this could be the result of a 0-day that can be exploited through the network, without authentication.” You know, those things Linux isn’t supposed to have because it is InherentlySecure™.

#7 Posted by Ian on Sep 12, 2011 1:09 PM

Wow, these guys have practiced the art of dissing others and staying together as one, and calling out the trolls when they attempt to change the subject: http://www.zdnet.com/tb/1-102583?tag=siu-container;talkback

Is ZDNet being taken back by competent people..?!

#8 Posted by imgx64 on Sep 12, 2011 2:04 PM

“We don’t know if it was the Linux servers that got hacked? What, Linux.com is running on Windows servers?

Just love the hypocrisy here :) When Windows has a security issue it’s all Microsoft’s fault, but when a Linux server is hacked, it’s not only not the fault of the server operating system, but it’s not even the fault of the server administrators.”

Well, since there really is no such thing as “Linux” as a single piece of software, every part can blame the other parts. In this particular example, that person’s argument is “Linux wasn’t hacked, it’s probably sudo that was exploited”.

In other words, for every argument you have against Linux, someone has a counterargument that part X is the problem, not Linux.

Of course, what I just described isn’t a problem in Linux, the problem is the Linux community ;)

#9 Posted by Ian on Sep 12, 2011 2:09 PM

Oh right… My bad. Somehow I constantly forget that… But hey, if Linux is supposed to be InherentlySecure™, shouldn’t the awesomeness that is the Linux kernel spill over and protect every component from every security issue imaginable? I mean, it is a magical operating system!

Though if it does end up being an issue with the kernel itself, who do they blame that on?

#10 Posted by Platonica on Sep 12, 2011 4:10 PM

Like the commenters on that ZDNet article linked by Ian, I too would dearly like to see how the master of originality, SJVN, is going to spin this one XD

Welcome back to the reality of computing, Loons.

#11 Posted by Ian on Sep 12, 2011 4:53 PM

> Like the commenters on that ZDNet article linked by Ian, I too would dearly like to see how the master of originality, SJVN, is going to spin this one XD

It’ll be the usual “every operating system has security issues,” but as soon as Windows has any issue, they will be on it like white on rice and give the famous 10 reasons to switch because Windows had a booboo — something Linux doesn’t have.

Of course Microsoft.com has yet to succumb to such an attack, I even remember reading an article that Microsoft’s websites are attacked thousands of times per day — and so far, little success (I say little because I haven’t heard of any, but there probably have been some long ago). The article is somewhere in my StumbleUpon favorites, but I can’t remember the title. Oh well.

#12 Posted by administrator on Sep 12, 2011 8:12 PM

It doesn’t get any more InherentlySecure than that!

#13 Posted by masterLoki on Sep 12, 2011 8:31 PM

“Of course Microsoft.com has yet to succumb to such an attack, I even remember reading an article that Microsoft’s websites are attacked thousands of times per day — and so far, little success”

It’s because they have cool admins ;). So cool that they won’t let the server sit over there unwatched.

#14 Posted by Ian on Sep 12, 2011 8:57 PM

Darn it! I keep forgetting things… MicrosoftRunsOnLinux™! They just don’t have any exploitable components installed, is all!

#15 Posted by ChrisTX on Sep 12, 2011 9:02 PM

Notice how kernel.org is down as well.

#16 Posted by imgx64 on Sep 12, 2011 10:41 PM

“Notice how kernel.org is down as well.”

He’s not down, he’s resting.

#17 Posted by masterLoki on Sep 12, 2011 11:15 PM

“He’s not down, he’s resting.”

Phew, for a moment I thought that a linux machine HAD TO be rebooted.

#18 Posted by administrator on Sep 12, 2011 11:29 PM

Of course it doesn’t need to be rebooted. It was hacked, not a screensaver update!

#19 Posted by Platonica on Sep 13, 2011 4:01 AM
#20 Posted by Platonica on Sep 13, 2011 5:12 AM

Mind you, that a proprietor of security software should be so upbeat about a malware event is hardly surprising… Kerching!

#21 Posted by DigitalAtheist on Sep 13, 2011 9:13 AM

“Linux has magic security smoke”

lmao

#22 Posted by JoeMonco on Sep 13, 2011 2:52 PM

“Mind you, that a proprietor of security software should be so upbeat about a malware event is hardly surprising… Kerching!”

Well, I, for one, gave my hearty chuckle at the meltdown. Does that make me evil now?

#23 Posted by _sw on Sep 13, 2011 3:40 PM

From the comments:

“The point is you came off as a anti-linux nutjob”

Really? facepalm

#24 Posted by Adam_King on Sep 13, 2011 5:35 PM

Would Mafia$oft stoop so low? I think so.

#25 Posted by masterLoki on Sep 13, 2011 6:11 PM

“Would Mafia$oft stoop so low? I think so.”

Come on Adam, that comment is so lousy, old and tired that it’s hard to make fun of it. I know you can do better.

#26 Posted by Adam_King on Sep 13, 2011 6:14 PM

masterLoki,

You aren’t worthy to eat my sh!t, you two-faced scumbag.

#27 Posted by masterLoki on Sep 13, 2011 6:17 PM

“you two-faced scumbag”

Two-faced? At least could you explain to me why I am two-faced?

Tip: Use FLOSS analogies for better understanding.

#28 Posted by Adam_King on Sep 13, 2011 6:21 PM

Don’t act like you don’t know. Or are you really that stupid?

#29 Posted by DrLoser on Sep 13, 2011 6:54 PM

Yes, Adam, we really are that stupid.

Now then. Go back to telling your teddy bear how much you love him.

He will understand.

#30 Posted by KimTjik on Sep 18, 2011 11:25 AM

Frugalware has also been attacked at about the same time. It’s not a question about some system exploit. An investigation proved it was a case of stolen user-name and password. No repository was compromised. Instead of plain ssh access by user-name and password an ssh key will now be necessary.

#31 Posted by DrLoser on Sep 18, 2011 11:34 AM

And in other news:

Earthquake in Chile. Not many dead.

Seriously: who the farg cares about Frugalware?

#32 Posted by DrLoser on Sep 18, 2011 11:51 AM

As of September 12th:

“Bringing back websites like kernel.org is more complex than one might think at first. This task list is very likely incomplete:
Rebuild content making sure that nothing is compromised
Redesign the architecture (Isolate heavy-load servers from user-accessible machines)
Implement new architecture, get new equipment delivered, design and review firewall rules
Implement monitoring tools to discover intrusions
Provision your users with accounts without using old keys and passwords
Execute a penetration test on the new setup
Doing all these things right requires time. Hopefully they have support from folks who have experience in that, particularly the operational side of it.”

Well, that should be easy, then.

Expect the sites back up some time after hydrogen runs out.

#33 Posted by DrLoser on Sep 18, 2011 11:53 AM

(And yes, Kim, I know it was a joke.)

#34 Posted by KimTjik on Sep 18, 2011 11:58 AM

“Seriously: who the farg cares about Frugalware?”

In the context that both had a similar back door installed. Hence it could well be more than a coincidence.

You should address that question to the one/ones bothering to care about the Frugalware infrastructure enough to steal username and passwords and install that backdoor. Someone cared. Why? I don’t know.

#35 Posted by DrLoser on Sep 18, 2011 12:03 PM

Not that I care, but somebody else might.

This security exploit affects Frugalware, right? Some bunch of divots I have not yet come across.

It also affects the kernel Loons. A bunch of divots who are famous across the globe.

Seems to me that, if there’s a connection at all, the people at Frugalware have seriously pissed somebody off.

Other than that, it’s just your blah Linux blah Do You Hate Us Becoz We Is Secure? blah nonsense.

To quote Frugalware is an exceptionally fine case of straw man argument.

#36 Posted by KimTjik on Sep 18, 2011 12:12 PM

“To quote Frugalware is an exceptionally fine case of straw man argument.”

Relax, I didn’t add this incident with any specific purpose, and certainly not as an argument for… For what would it be an argument? You mean that a heap of straws is frugal cloths of a poor man?
