Linux Foundation hit with security breach, shuts down several sites

Linux is the yang to Windows' yin. In contrast to Microsoft's grand OS, it's free and relatively unpopular. It's also susceptible to malware and cyber attacks. The Linux Foundation, a non-profit group comprised of proponents and developers who wish to see the open source system flourish, has shut down key sites following a malware-related security breach.

ADVERTISEMENT

The Linux Foundation confirmed the attack compromised more than just personal information. In a statement which currently serves as a placeholder at affected sites, the group asked members to be vigilant and patient:

Linux Foundation infrastructure including LinuxFoundation.org, Linux.com, and their subdomains are down for maintenance due to a security breach that was discovered on September 8, 2011. The Linux Foundation made this decision in the interest of extreme caution and security best practices. We believe this breach was connected to the intrusion on kernel.org.

We are in the process of restoring services in a secure manner as quickly as possible. As with any intrusion and as a matter of caution, you should consider the passwords and SSH keys that you have used on these sites compromised. If you have reused these passwords on other sites, please change them immediately. We are currently auditing all systems and will update this statement when we have more information.

We apologize for the inconvenience. We are taking this matter seriously and appreciate your patience. The Linux Foundation infrastructure houses a variety of services and programs including Linux.com, Open Printing, Linux Mark, Linux Foundation events and others, but does not include the Linux kernel or its code repositories.

Online security company Sophos' Naked Security blog drew connections between the recent shutdown and a previous malware infection which affected kernel.org late last month. Paul Ducklin, Sophos Head of Technology for Asia Pacific,  confirmed the link.

"The Linux Foundation and Kernel.org sites are internet neighbors in the 140.211.169.0/25 network block," wrote Ducklin. The Linux Kernel Archives are indeed also "down for maintenance."

ADVERTISEMENT

The expert believes some "perversely back-handed" good could come from this.

"The 'Linux has magic security smoke' proselytisers will be compelled to admit that insecurity isn't just about Microsoft, and will be forced to improve their public attitude to security in general," said Ducklin. "The 'Linux is nothing more than a hobby product' naysayers will be compelled to admit that the operating system really is part of the Big Time. Why else would kernel.org be in the sights of cybercrooks?"

That's likely little comfort for Linux Foundation and the unknown number of people affected by the breach, but more security is never a bad thing. (via Naked Security)

ADVERTISEMENT

Are you an avid Linux user? Let us know how/if this attack affected you in the comment section.

No posts to display