Hi, On Sep 14, 11:08 pm, Ershad K <ersha...@gmail.com> wrote: > Yeah, but I'm curious how the server got compromised.
To start with, I made a mistake - the linux kernel is distributed from kernel.org. Not from linux foundation. The bad news is, kernel.org is also compromised. There is very little info available right now - but this much is apparent: (from kernel.org) * Intruders gained root access on the server Hera. We believe they may have gained this access via a compromised user credential; how they managed to exploit that to root access is currently unknown and is being investigated. * Files belonging to ssh (openssh, openssh-server and openssh- clients) were modified and running live. * A trojan startup file was added to the system start up scripts * User interactions were logged, as well as some exploit code. We have retained this for now. * Trojan initially discovered due to the Xnest /dev/mem error message w/o Xnest installed; have been seen on other systems. It is unclear if systems that exhibit this message are susceptible, compromised or not. If developers see this, and you don’t have Xnest installed, please investigate. * It *appears* that 3.1-rc2 might have blocked the exploit injector, we don’t know if this is intentional or a side affect of another bugfix or change. This is a little disturbing due to the following: 1. Two sites were compromised nearly at the same time - possibly in the same way. (leaked ssh keys?) 2. If both cracks used compromised credentials, it is surprising how *root* credentials to *both* sites were leaked. 3. You can place malware in linux systems. Some people have already picked up point 3. Some wise guys are even claiming that linux is more insecure than windoze. Only that claim lacks common sense. The whole purpose of a root account is that - to mess with a system any way you want. Regards, Gokul Das -- "Freedom is the only law". "Freedom Unplugged" http://www.ilug-tvm.org You received this message because you are subscribed to the Google Groups "ilug-tvm" group. To control your subscription visit http://groups.google.co.in/group/ilug-tvm/subscribe To post to this group, send email to ilug-tvm@googlegroups.com To unsubscribe from this group, send email to ilug-tvm-unsubscr...@googlegroups.com For details visit the google group page: http://groups.google.com/group/ilug-tvm?hl=en
