Linux.com Hacked


Recommended Posts

Following on the heels of a breach of kernel.org, the internet holding place for the Linux kernel, Linux.com and its related sites have been breached. Details of the attack are unknown at this time, but as of this writing I get a message from Linux.com telling me it's down for maintenance. Here is an e-mail I just received from the head-sheds at Linux.com, and below that is a screenshot of Linux.com as of right now.

  Quote
Attention Linux.com and LinuxFoundation.org users,

We are writing you because you have an account on Linux.com,

LinuxFoundation.org, or one of the subdomains associated with these domains.

On September 8, 2011, we discovered a security breach that may have

compromised your username, password, email address and other information you

have given to us. We believe this breach was connected to the intrusion on

kernel.org.

As with any intrusion and as a matter of caution, you should consider the

passwords and SSH keys that you have used on these sites compromised. If you

have reused these passwords on other sites, please change them immediately.

We are currently auditing all systems and will update public statements when

we have more information.

We have taken all Linux Foundation servers offline to do complete

re-installs. Linux Foundation services will be put back up as they become

available. We are working around the clock to expedite this process and are

working with authorities in the United States and in Europe to assist with

the investigation.

The Linux Foundation takes the security of its infrastructure and that of

its members extremely seriously and are pursuing all avenues to investigate

this attack and prevent future ones. We apologize for this inconvenience and

will communicate updates as we have them.

Please contact us at info@linuxfoundation.org with questions about this

matter.

The Linux Foundation

post-125978-0-73981200-1315780883.png

Link to comment
https://www.neowin.net/forum/topic/1024650-linuxcom-hacked/
Share on other sites

It's worth noting that despite the problems the sites are having, none of the kernel code has been compromised, so Linux is still perfectly safe to use.

====

On a sidenote, that is some epic huge spam right there.

ouch mozillazine could have a possibility to be affected:

take a look!

Domain mozillazine.org

Netblock owner Oregon State System of Higher Education

IP address 140.211.166.65

Domain linux.com

Netblock owner Oregon State System of Higher Education

IP address 140.211.169.32

same datacenter!!!!!!! NOT GOOD.

Wait, kernel.org was hacked last week too if i'm not mistake. We haven't gotten a new cyanogenmod in so long because the github repo couldn't sync with the source or something like that. Seems someone's out to get Linux (maybe it's Apple and Microsoft :shifty:)

So was Linux.com website using Linux server if it was hacked?

I guess this would disprove the theory that Linux is almost unhackable.

PS: Why would hackers want to hack a linux and open source website? I thought hackers liked Linux because its free and people contribute to it and its non profit unlinke MS and Apple.

  On 12/09/2011 at 00:08, nukenorman said:

So was Linux.com website using Linux server if it was hacked?

I guess this would disprove the theory that Linux is almost unhackable.

PS: Why would hackers want to hack a linux and open source website? I thought hackers liked Linux because its free and people contribute to it and its non profit unlinke MS and Apple.

Depending on the group, some hackers hack just to hack. Hackerleaks.tk, which was up just a month or so ago, was a website where people could go brag about their latest hack. They had posts where people had broken into the most random stuff, with no larger objective apparent.

Anything is hackable, with enough time and knowledge about your target. People who say Linux is "unhackable" are naive. I like it because it just works and is easier for me to manage and have positive control over, but it is by no means perfect or "unhackable".

  On 12/09/2011 at 00:08, nukenorman said:

PS: Why would hackers want to hack a linux and open source website? I thought hackers liked Linux because its free and people contribute to it and its non profit unlinke MS and Apple.

It's Sunday and script kiddies are bored - that's basically all the reason needed.

  On 12/09/2011 at 00:08, nukenorman said:

So was Linux.com website using Linux server if it was hacked?

I guess this would disprove the theory that Linux is almost unhackable.

PS: Why would hackers want to hack a linux and open source website? I thought hackers liked Linux because its free and people contribute to it and its non profit unlinke MS and Apple.

IIRC kernel.org was hacked because of a weak password and the guys who did it weren't actually targeting kernel.org, it probably just popped up in an automated scan.

Almost anything can be hacked, but if people use weak passwords and/or poor administration practices you don't even need to look for actual vulnerabilities on the platform. I know several medium/big companies where half of their HPUX servers have root passwords like "temporary" or "admin" *shrug*

So there's been an update posted to the page you get when you visit www.linux.com .

  Quote
Linux Foundation infrastructure including LinuxFoundation.org, Linux.com, and their subdomains are down for maintenance due to a security breach that was discovered on September 8, 2011. The Linux Foundation made this decision in the interest of extreme caution and security best practices. We believe this breach was connected to the intrusion on kernel.org.

We are in the process of restoring services in a secure manner as quickly as possible. As with any intrusion and as a matter of caution, you should consider the passwords and SSH keys that you have used on these sites compromised. If you have reused these passwords on other sites, please change them immediately. We are currently auditing all systems and will update this statement when we have more information.

We apologize for the inconvenience. We are taking this matter seriously and appreciate your patience. The Linux Foundation infrastructure houses a variety of services and programs including Linux.com, Open Printing, Linux Mark, Linux Foundation events and others, but does not include the Linux kernel or its code repositories.

Please contact us at info@linuxfoundation.org with questions about this matter.

The Linux Foundation

*** UPDATE***

We want to thank you for your questions and your support. We hope this FAQ can help address some of your inquiries.

Q: When will Linux Foundation services, such as events, training and Linux.com be back online?

Our team is working around the clock to restore these important services. We are working with authorities and exercising both extreme caution and diligence. Services will begin coming back online in the coming days and will keep you informed every step of the way.

Q: Were passwords stored in plaintext?

The Linux Foundation does not store passwords in plaintext. However an attacker with access to stored password would have direct access to conduct a brute force attack. An in-depth analysis of direct-access brute forcing, as it relates to password strength, can be read at http://www.schneier.com/blog/archives/2007/01/choosing_secure.html. We encourage you to use extreme caution, as is the case in any security breach, and discontinue the use of that password if you re-use it across other sites.

Q: Does my Linux.com email address work?

Yes, Linux.com email addresses are working and safe to use.

Q: What do you know about the source of the attack?

We are aggressively investigating the source of the attack. Unfortunately, we can't elaborate on this for the time being.

Q: Is there anything I can do to help?

We want to thank everyone who has expressed their support while we address this breach. We ask you to be patient as we do everything possible to restore services as quickly as possible.

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • Amazon Alexa+ now has more than a million users by Aditya Tiwari Amazon's muscled-up voice assistant, Alexa+, has reached a new milestone. A company spokesperson told The Verge that Alexa+ has now crossed one million users. The e-commerce giant introduced Alexa+ earlier this year as its generative AI offering. Why? It's a new trend, and everyone is doing it. According to the company, Alexa Plus offers more natural and free-flowing conversations than its predecessor. You can speak half-formed thoughts using colloquial expressions, and the AI assistant should be able to understand you and provide an answer. Announcing its capabilities, Amazon previously said that you will be able to start a conversation on your Echo device and continue it on your phone, car, or computer. One million may not be a significant number when comparing it with the number of Alexa-enabled devices out there. Amazon revealed earlier this year that there are over 600 million Alexa devices globally. However, the number of Alexa+ users has increased from 'hundreds of thousands' in the previous month. The user base is not as big as that of other names like Gemini and ChatGPT because Amazon is still offering the generative AI assistant through an Early Access program, available to Prime and non-Prime members who own a compatible Echo device. We can find social media posts from different users who have been invited to try Alexa+. While there have been positive reviews from some, the road isn't buttery smooth for others. One user claimed that the early access Alexa+ has problems accessing some temperature sensors the previous version of Alexa would. "I also really dislike how it confidently will tell me something that is incorrect now instead of just saying it doesn't know like it used to tell me," the user added. The upgraded AI voice assistant will cost $19.99 per month, but is being offered for free to Prime subscribers. Alexa+ started rolling out in the US as part of its early access program. One reason why Amazon is giving Alexa+ a slow rollout is that the new devices and services chief, Panos Panay, wants to eliminate all the problems related to the generative AI assistant. Amazon's spokesperson told the publication that the early access program doesn't include features like brainstorming gift ideas, scheduling your next spa visit, ordering groceries hands-free, and jumping to your favorite scene on Fire TV. The program also doesn't offer the "new browser-based experience at Alexa.com," which would put Amazon's AI assistant in line with ChatGPT and Gemini. These missing features will be added in the coming weeks and months, as per the spokesperson, adding that almost 90% of the features are now a part of early access.
    • MSI's 32-inch 4K QD-OLED gaming monitor gets a big price cut for UK gamers and professionals by Paul Hill If you’re a gamer in the UK and looking for a monitor to upgrade to then check out the MSI MPG 321URX QD-OLED 31.5 Inch 4K UHD Gaming Monitor which you can now pick up for just 75% of its recommended retail price. The RRP of this monitor is £1,199, but thanks to this deal, you can get it for just £898.99 for a limited time (purchase link down below). With its 4K display, 240Hz refresh rate, and 0.03ms GTG, you’ll have the edge over other gamers by avoiding lag. At 31.5-inches, it’s the ideal monitor size if you’re sitting up close to it at a desk, you don’t want it too big at such a short range, but you also want to be able to see all the image details so 31.5-inches is a good balance. What makes QD-OLED stand out? There are loads of terms used to describe displays such as AMOLED, OLED, LED, and it can all get a bit confusing. This monitor adds yet another acronym called QD-OLED, which stands for Quantum Dot OLED. For you as a buyer, this means your new monitor has self-emitting pixels that deliver great black levels. It also features an enhanced sub-pixel arrangement for extra sharpness. The 31.5-inch 4K UHD monitor has a 3,840 x 2,160 pixel resolution making it ideal for playing games, but also watching movies in the best quality. Other important features worth mentioning are the 1.07 billion colors (10-bit) that the monitor can produce, its 99% DCI-P3 support, and DisplayHDR True Black 400 certification. All of these things make the monitor produce more accurate colours, potentially making it a good choice for professionals editing videos and photos too. Obviously, games will look good too. MSI has also packed in a fanless graphene heatsink which should help to increase the durability of the monitor long-term. This could extend the time until you need to buy a new monitor, further justifying its almost £900 price tag. Gaming and productivity features It’s not just the hardware that makes this monitor excel for gaming, it also comes with great software enhancements and connectivity options. On the software side, you get the following features: Smart Crosshair: Projects a customizable crosshair onto the screen to improve hip-fire accuracy and iron sights in first-person shooter games. Optix Scope: Gives you a built-in aim magnifier with multi-stage zooming and shortcut keys to quickly switch magnification levels. AI Vision: This automatically enhances brightness and colour saturation, particularly in dark areas of the screen, making it easier to see enemies hiding in shadows or dark corners. If you have two separate systems you want to connect to the monitor at once, you can do so with this monitor thanks to KVM support. You can view both sources with Picture-in-Picture and Picture-by-Picture modes. The MSI MPG 321URX QD-OLED 31.5 Inch 4K UHD Gaming Monitor also supports next-gen consoles with features like HDMI CEC Profile Sync, HDMI Variable Refresh Rate (VRR), and 4K:4K downscaling. In terms of connectivity and ergonomics, you get DisplayPort 1.4a, 2x HDMI 2.1 (CEC), USB Type-C with 90W power delivery, and a USB hub. The monitor uses a tilt-, swivel- & height-adjustable stand that is VESA compatible. Should you buy this monitor? The MSI MPG 321URX QD-OLED 31.5 Inch 4K UHD Gaming Monitor is definitely a product for serious gamers looking for top-tier visual fidelity and performance or content creators who need accurate colours and high resolution. Even with the significant discount, it’s still at a premium price and definitely not for everyone. If you are in one of the groups mentioned, then you should give serious consideration to buying the MSI MPG 321URX QD-OLED 31.5 Inch 4K UHD Gaming Monitor as it's the lowest price the monitor has been at on Amazon to date. MSI MPG 321URX QD-OLED 31.5 Inch 4K Gaming Monitor: £898.99 (Amazon UK) / RRP £1,199 This Amazon deal is U.K. specific, and not available in other regions unless specified. If you don't like it or want to look at more options, check out the Amazon UK deals page here. Get Prime, Prime Video, Music Unlimited, Audible or Kindle Unlimited, free for the first 30 days As an Amazon Associate we earn from qualifying purchases.
    • So they went from bloody awful, to still bloody awful? Pass...
    • Hmm, I have been setting folder colors in Teams as we got more and more clients, but they never synced to File Explorer on my Surface Pro 7+. So, all this while, thought the feature wasn't available yet. Guess it'll need to be changed via the SharePoint website for it to sync to File Explorer. Thanks for sharing 👍🏼
  • Recent Achievements

    • Enthusiast
      computerdave91111 went up a rank
      Enthusiast
    • Week One Done
      Falisha Manpower earned a badge
      Week One Done
    • One Month Later
      elsa777 earned a badge
      One Month Later
    • Week One Done
      elsa777 earned a badge
      Week One Done
    • First Post
      K Dorman earned a badge
      First Post
  • Popular Contributors

    1. 1
      +primortal
      533
    2. 2
      ATLien_0
      272
    3. 3
      +FloatingFatMan
      201
    4. 4
      +Edouard
      200
    5. 5
      snowy owl
      138
  • Tell a friend

    Love Neowin? Tell a friend!