The Linux kernel site was hacked around the time the popular operating system celebrated its 20th anniversary on August 25. In a post on the site, the organisation admitted that “a number of servers in the kernel.org infrastructure were compromised”.
The discovery was made on August 28 but the kernel team did not say when the hack occurred as logs are still under forensic examination. The post added that it is not thought the source code repositories were affected.
There is also a check being made of all the code within Git, a revision control system devised by Linus Torvalds who created Linux. The team is also testing the tarballs, composites of archived files, to affirm that nothing has been modified.
European and US authorities have been notified of the breach.
In its statement, the kernel.org managers said, “The Linux community and kernel.org take the security of the kernel.org domain extremely seriously, and are pursuing all avenues to investigate this attack and prevent future ones.”
The hack will not affect the code in the long term because the Git system encrypts all of the Linux files, almost 40,000, with a SHA-1 hash which defines the exact contents of the original files. Throughout development, Git names each file version according to the complete development history leading up to the current version. Once published, it is “not possible to change the old versions without it being noticed”.
When it comes to sound versions of the files, the backup system of Linux code is too complex for a hacker to be able to damage any file. Copies are held on Kernel.org mirror sites and on thousands of servers owned by the developers and distribution maintainers in the Linux community. Many o the developers update these personal repositories every day and changes would be noticed and flagged up immediately.
All 448 users who maintain kernel.org are changing their authentication details and Secure Shell (SSH) keys. In addition, security policies are being audited.
A detailed log of what is known so far has also been included in the disclosure:
Tesla shareholders to be asked to reinstate Elon Musk's $56 billion pay package, days after…
Catching WhatsApp? Billionaire founder of Telegram claims encrypted platform will reach one billion users within…
Good news for Mark Zuckerberg as judge dismisses some claims in dozens of lawsuits alleging…
Consequences of Assembly Bill 886. Google begins removing California news websites from some search results
CEO Tim Cook during visit to Jakarta says Apple will look into building a manufacturing…
Introduction of digital services tax on tech firms will begin in 2024 Canadian government confirms,…
View Comments
Happy 20th Linux :)
Wow, what a party!