Security Breach on Linux.com!

Posted: 12 Sep 2011, 09:20
by viking60
This deserves some attention:
Attention Linux.com and LinuxFoundation.org users,

We are writing you because you have an account on Linux.com,
LinuxFoundation.org, or one of the subdomains associated with these domains.
On September 8, 2011, we discovered a security breach that may have
compromised your username, password, email address and other information you
have given to us. We believe this breach was connected to the intrusion on
kernel.org.

As with any intrusion and as a matter of caution, you should consider the
passwords and SSH keys that you have used on these sites compromised. If you
have reused these passwords on other sites, please change them immediately.
We are currently auditing all systems and will update public statements when
we have more information.

We have taken all Linux Foundation servers offline to do complete
re-installs. Linux Foundation services will be put back up as they become
available. We are working around the clock to expedite this process and are
working with authorities in the United States and in Europe to assist with
the investigation.

The Linux Foundation takes the security of its infrastructure and that of
its members extremely seriously and are pursuing all avenues to investigate
this attack and prevent future ones. We apologize for this inconvenience and
will communicate updates as we have them.

Please contact us at info@linuxfoundation.org with questions about this
matter.

The Linux Foundation


Caramba! Merde! Faen! Scheisse! Damit! :berserkf

Re: Security Breach on Linux.com!

Posted: 12 Sep 2011, 13:11
by R_Head
I do not think it was a Linux problem but more of an inside job due to poor Security Protocols on the users / admin part. That is the most common way to breach a system.

Re: Security Breach on Linux.com!

Posted: 14 Sep 2011, 17:57
by viking60
Yes, it turns out that one of the trusted users lost control over an encryption key to one of the servers.
The database was copied and user data were compromised.
But the passwords were of course not stored as plain text and were encrypted. This has been confirmed since.
That is pretty standard these days. When I program a CMS I always use automatic encryption for passwords so that even I as the programmer have no chance of seeing the password.
(Yes I can create a new one, but I have no chance of seeing the old password)
Any software that stores passwords in plain text would be a disaster these days.
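The storage scheme the last post describes, as an added example that is not code from the thread or from viking60's CMS: the usual way to get "even the programmer cannot see the password" is one-way salted hashing (PBKDF2 here) rather than reversible encryption, so a copied user table yields only salts and hashes, and an administrator can set a new password without ever recovering the old one. The function names, the `UserStore` class and the iteration count are this example's own choices.

```python
import hashlib
import hmac
import os

# Work factor for PBKDF2-HMAC-SHA256 (chosen for this example).
ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password, salt=None):
    """Return a storable record 'iterations$salt_hex$hash_hex'.

    The record is derived one-way: nothing stored can be turned back into
    the password, which is the property the post is after.
    """
    salt = salt if salt is not None else os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, record):
    """Recompute the hash with the stored salt and compare in constant time."""
    iterations, salt_hex, hash_hex = record.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), hash_hex)


class UserStore:
    """Minimal user table that holds password records, never passwords."""

    def __init__(self):
        self._records = {}

    def register(self, user, password):
        self._records[user] = hash_password(password)

    def login(self, user, password):
        record = self._records.get(user)
        return record is not None and verify_password(password, record)

    def reset(self, user, new_password):
        # An administrator can set a new password for the account ...
        self._records[user] = hash_password(new_password)

    def dump(self):
        # ... but a copy of the table, as in the breach, exposes only
        # per-user salts and hashes, not the passwords themselves.
        return dict(self._records)
```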