[ale] Security breach on kernel.org

Bob Toxen transam at VerySecureLinux.com
Thu Sep 1 14:13:51 EDT 2011


Mike,

Why DO the developers need to change their private SSH keys?  I hope
they were not stored on the compromised systems.

In my book I discuss special procedures to cover very high security
situations which kernel.org certainly qualifies as.  One part is to keep
the private ssh keys (and other crypto keys) OFFline to avoid being
compromised from the Internet.

Bob Toxen
http://www.verysecurelinux.com        [Network&Linux security consulting]
http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.
Quality spam and virus filters.

On Thu, Sep 01, 2011 at 09:21:06AM -0400, Michael H. Warfield wrote:
> On Thu, 2011-09-01 at 08:42 -0400, Jim Kinney wrote: 
> > Major bad news. They host loads of code.
> 
> Read the articles.  Several machines were compromised but not all.
> Compromised machines have been taken off line for diagnostics and
> reinstallation.  A number of developers (close to 500) are having to
> change their ssh keys, which sucks.
> 
> Bad but highly unlikely to have any impact on the source code thanks to
> the nature of git and the highly distributed development model along
> with cryptographically secure hashes and history on every single file.
> They'd need a time machine to go back and poke changes into past sources
> and change sets and they'd need a transporter to get to all the
> thousands of machines hosting git repos at developer sites for the
> development their development.  They're validating the change sets
> and hashes but it's unlikely to contain anything and it's unlikely the
> sources have been contaminated.  Unexpected changes should show up
> rapidly to the subsystem maintainers as unexpected conflicts or
> validation checks or unapproved change sets.
> 
> http://www.linux.com/news/featured-blogs/171-jonathan-corbet/491001-the-cracking-of-kernelorg
> 
> He points out that the sources are distributed from kernel.org but are
> developed on and hosted all over the world.
> 
> Regards,
> Mike
> 
> > On Sep 1, 2011 8:14 AM, "Watson, Keith" <krwatson at cc.gatech.edu> wrote:
> > > Security breach on kernel.org
> > > https://www.kernel.org/
> > >
> > > Earlier this month, a number of servers in the kernel.org infrastructure
> > > were compromised. We discovered this August 28th. While we currently believe
> > > that the source code repositories were unaffected, we are in the process of
> > > verifying this and taking steps to enhance security across the
> > > kernel.org infrastructure.
> > >
> > >
> > > There is more information on their home page.
> > >
> > > keith
> > >
> > > --
> > >
> > > Keith R. Watson Georgia Institute of Technology
> > > IT Support professional Lead College of Computing
> > > keith.watson at cc.gatech.edu 801 Atlantic Drive NW
> > > (404) 385-7401 Atlanta, GA 30332-0280
> > >
> > >
> > >
> > > _______________________________________________
> > > Ale mailing list
> > > Ale at ale.org
> > > http://mail.ale.org/mailman/listinfo/ale
> > > See JOBS, ANNOUNCE and SCHOOLS lists at
> > > http://mail.ale.org/mailman/listinfo
> > 
> 
> -- 
> Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
>    /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
>    NIC whois: MHW9          | An optimist believes we live in the best of all
>  PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!



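Added example, not part of the original thread: a Python sketch of the point in the quoted message about git's hashes and history. It computes object ids the way git does for blobs, flat trees and commits, and shows that altering a file in an old commit changes that commit's id and every descendant's, which a clone holding the original ids would notice. The identity string, file names and file contents are constructed.

```python
import hashlib

IDENT = "Example Dev <dev@example.invalid> 1314886431 -0400"  # constructed identity

def git_object_id(kind, body):
    """Name an object as git does: SHA-1 over '<kind> <size>\\0<body>'."""
    return hashlib.sha1(kind.encode() + b" %d\x00" % len(body) + body).hexdigest()

def blob_id(content):
    return git_object_id("blob", content)

def tree_id(files):
    """Flat tree of regular files (ASCII names): '100644 <name>\\0<raw blob id>' each."""
    body = b"".join(b"100644 " + name.encode() + b"\x00" + bytes.fromhex(blob_id(data))
                    for name, data in sorted(files.items()))
    return git_object_id("tree", body)

def commit_id(tree, parent, message):
    lines = ["tree " + tree] + (["parent " + parent] if parent else [])
    lines += ["author " + IDENT, "committer " + IDENT, "", message]
    return git_object_id("commit", ("\n".join(lines) + "\n").encode())

def history_ids(snapshots):
    """Commit ids for a linear history; each id covers its tree and its parent's id."""
    ids, parent = [], None
    for files, message in snapshots:
        parent = commit_id(tree_id(files), parent, message)
        ids.append(parent)
    return ids

def first_divergence(trusted, served):
    """Index of the first commit whose id differs from a trusted clone, else None."""
    return next((i for i, (a, b) in enumerate(zip(trusted, served)) if a != b), None)

# Constructed three-commit history, and a copy with one file altered in commit 1.
GOOD = [({"auth.c": b"check(pw);\n"}, "add auth"),
        ({"auth.c": b"check(pw);\n", "log.c": b"log();\n"}, "add logging"),
        ({"auth.c": b"check(pw);\n", "log.c": b"log(1);\n"}, "verbose log")]
BAD = [GOOD[0],
       ({"auth.c": b"check(pw); /* altered */\n", "log.c": b"log();\n"}, "add logging"),
       GOOD[2]]

if __name__ == "__main__":
    trusted, served = history_ids(GOOD), history_ids(BAD)
    print("first differing commit:", first_divergence(trusted, served))
    for t, s in zip(trusted, served):
        print(t[:12], s[:12], "ok" if t == s else "MISMATCH")
```

The last commit in both histories has an identical tree, yet its id still differs because the id also covers the parent commit's id.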


