Originally Posted by cousinlucky
I have to admit that my first thought was that this was a Microsoft attack on Linux!!
Hehe.. I don't think Microsoft has such a talented ...
- 09-14-2011 #11- Lakshmipathi.G
-------------------
FOSS India Award winning ext3fs Undelete tool and tutorials www.giis.co.in
First they criticize you, then they laugh at you, then they fight with you, then you win. - M.K.Gandhi
-------------------
- 09-14-2011 #12
user: root
password: root
or maybe
If we hit that bullseye, the rest of the dominoes will fall like a house of cards. Checkmate! (Zapp Brannigan)
My new blog. It's probably not as good as I think it is.
- 10-08-2011 #13
That article Lakshmipathi posted is interesting. But what seems so stupid is why bother attacking an open source Linux kernel server?
Sure they could backport a hacked kernel and hijack several million computers, but what are they going to do with all that information and, more importantly, how would they sift through millions of people's computers without some form of team? 'Cause controlling Joe Blog's computer (through a hacked kernel) is all well and good, but not if his computer has nothing of value on it. You may as well have spent your time doing something more constructive.
To me it seems like whoever hacked kernel.org was a disgruntled employee who probably already had access and made it appear as a hacking so as to not be caught, and just wanted to create an obstacle and havoc for whatever reason to prevent kernel.org from functioning. As you don't spend all that time breaking in, to not even touch all the source files, or so it appears.
- 12-22-2011 #14
The official response seems to be the server was compromised but the kernel is OK because it's on git ... this has been worrying me for a while now ...
How does anyone know that a compromised account (or accounts) have not been used to submit updates to the kernel and compromised the kernel ... short of doing a manual review of all submits since the last known good version (which may be from August or even longer ago)? Hundreds or millions of copies distributed around the world don't help if changes have been made via a genuine contributor account ...
- 12-28-2011 #15 Linux Guru
- Join Date
- Apr 2009
- Location
- I can be found either 40 miles west of Chicago, or in a galaxy far, far away.
- Posts
- 8,956
They had checksum hashes for all the kernel source code from before the exploit, and were able to verify whether or not the sources had been compromised by recomputing the hash values and checking that against the list.
Sometimes, real fast is almost as good as real time.
Just remember, Semper Gumbi - always be flexible!
- 01-01-2012 #16
Rubberman ... I understand that if the source has been tampered with by an unauthorised account then hash values will help. What if the account is valid ... it's just being used by someone who should not be using it? user123 is a valid contributor and his account is used to do a git commit with comments that look OK but the source code includes bad code? As in my previous post, how is this checked short of a manual review of every commit since the last good kernel source?
- 01-01-2012 #17 Linux Guru
One of the reasons why the Linux Foundation and Kernel.org sites were down so long was just for this reason, to verify all of the current sources with what was backed up before the exploit occurred, plus strengthening the security of the sites.
