Last week, the Linux Foundation sent an email to all users informing them that an attacker had compromised LinuxFoundation.org and Linux.com, along with their subdomains. Details such as usernames, email addresses, and passwords were stolen as well.
The foundation found out about the attack on Thursday and is currently conducting a full audit of the affected sites. A message posted on the front page of the Linux Foundation website says that they are in the process of restoring services in a secure manner as quickly as possible.
As of now, the foundation does not know the full extent of the intrusion, and it has advised users to change their passwords once the site becomes operational. The Linux Foundation also warns users who use the same passwords on other sites to change those passwords as soon as they can.
Given the password notification, did the Linux Foundation fail to protect the passwords, for instance by storing them as plain text instead of salting and hashing them? Not necessarily, according to Paul Ducklin, head of technology for Sophos in the Asia Pacific region. In a blog post, he wrote that the breach seems to involve a malware compromise, not merely the unauthorized retrieval of data from the servers. If a server is controlled by malware, even the login process should be considered untrustworthy. Passwords can easily be stolen directly from memory during login, even if they are never written to disk.
The Linux Foundation believes that the attack is connected to last month's attack on kernel.org, which has been waiting since then for its administrators to audit the site.
In a statement posted earlier on the site, the Linux Kernel Organization said it found out that, on August 28, a few servers had been compromised, with an attacker obtaining root access. The statement says that they are in the process of confirming the steps to enhance security across the kernel.org infrastructure.
According to reports from The Register, both the kernel.org servers and the computer of the person who maintains the site were infected with the malware. The breach lasted 17 days before it was detected. Linux experts say this is not that alarming, since the site does not house the code.
Additionally, no changes were made to the distributed code without alarms sounding. The code for the site is controlled by the 'git' source code management system.