On 09/15/2011 09:17 PM, Visakh wrote:
> Hi,
> 
> On Sep 14, 11:08 pm, Ershad K <ersha...@gmail.com> wrote:
>> Yeah, but I'm curious how the server got compromised.
> 
> To start with, I made a mistake - the Linux kernel is distributed from
> kernel.org. Not from the Linux Foundation. The bad news is, kernel.org is
> also compromised.
> There is very little info available right now - but this much is
> apparent: (from kernel.org)
> 
> *  Intruders gained root access on the server Hera. We believe they
> may have gained this access via a compromised user credential; how
> they managed to exploit that to root access is currently unknown and
> is being investigated.
> *   Files belonging to ssh (openssh, openssh-server and openssh-
> clients) were modified and running live.
> *   A trojan startup file was added to the system start up scripts
> *   User interactions were logged, as well as some exploit code. We
> have retained this for now.
> *   Trojan initially discovered due to the Xnest /dev/mem error
> message w/o Xnest installed; have been seen on other systems. It is
> unclear if systems that exhibit this message are susceptible,
> compromised or not. If developers see this, and you don’t have Xnest
> installed, please investigate.
> *   It *appears* that 3.1-rc2 might have blocked the exploit injector,
> we don’t know if this is intentional or a side effect of another
> bugfix or change.
> 
> 
> This is a little disturbing due to the following:
> 
> 1. Two sites were compromised nearly at the same time - possibly in
> the same way. (leaked ssh keys?)
> 2. If both cracks used compromised credentials, it is surprising how
> *root* credentials to *both* sites were leaked.

Yeah, this is very curious. Maybe those accounts have sudo (very unlikely).

> 3. You can place malware in Linux systems.
> 
> Some people have already picked up point 3. Some wise guys are even
> claiming that Linux is more insecure than windoze. Only that claim
> lacks common sense. The whole purpose of a root account is that - to
> mess with a system any way you want.


-- 
Sincerely,
Ershad K
http://ershadk.wordpress.com

-- 
"Freedom is the only law". 
"Freedom Unplugged"
http://www.ilug-tvm.org
