Linux Foundation and Kernel.org Hacked
Some shocking news hit the street last week. The folks behind Linux and the Linux kernel have been hacked. Specifically, the LinuxFoundation.org, Linux.com and Kernel.org web sites were penetrated. The Linux Foundation discovered the Linux repository was rooted by a malware attack.
Being responsible Internet citizens, the Linux Foundation took down the affected sites for a complete root canal. Here is an excerpt of a statement posted on the affected sites and emailed to Linux Foundation members (I’m one of them).
Linux Foundation infrastructure including LinuxFoundation.org, Linux.com, and their subdomains are down for maintenance due to a security breach that was discovered on September 8, 2011. The Linux Foundation made this decision in the interest of extreme caution and security best practices. We believe this breach was connected to the intrusion on kernel.org.
The statement continues, indicating that Linux Foundation members should consider their accounts compromised and that if the password was used at any other sites, it should be changed immediately. This type of compromise supports the argument that a password should never be used at more than one site. If one site becomes compromised, you can bet others will fall too. Personally, I’ve always used a separate password for every web site. “YES!” it is a royal pain in the rear to keep track of all the passwords, but at this point I don’t have to scramble and worry that other site accounts may become compromised.
One suggestion I can make here is the use of an Open Source utility called KeePass Password Safe. In fact, I’ll post a review and basic user guide to KeePass, so stay tuned. And if you share passwords among multiple sites, get ready to change them :-)