For three weeks in September and early October, officials kept kernel.org closed so the servers that run it could be rebuilt. When the site reopened on October 4, a message on the front page prominently warned of the breach and noted the steps taken to rebuild the site. "Thanks to all for your patience and understanding during our outage and please bear with us as we bring up the different kernel.org systems over the next few weeks," the message concluded. "We will be writing up a report on the incident in the future."
Almost two years later, the report has yet to be delivered. The promise to deliver an incident report remained on kernel.org as recently as March 1 of this year, before being quietly pulled the following day. To this day, officials have yet to provide key details, including exactly how many machines were compromised, how the attackers were able to gain root access to them, and what they did once they seized control. The delay contrasts sharply with autopsies that were delivered promptly following two similar compromises of Apache.org, the official distributor of the open-source Apache Web server.
1, The link led to a spoofed webmail login where she shared her email credentials.
2. “The imprimatur of [the senior executive] suggested something was actually going on here,” he says. “I’ve been kicking myself black and blue over this.”
A few years ago we started digitally signing all our outbound e-mail and we worked with Yahoo and Google so if they saw e-mail that purported to come from us but wasn't signed they would block it. That has been stunningly successful. Now we're trying to get the whole industry to take up that type of approach. But it will take several more years of pushing to get the rest of the industry to do that.
to view your certificates on FireFox: select: edit | preferences | advanced | certificates | view certificates | servers + authorities
mike acker wrote:ummmmmmm....Check that
ashtongj wrote:I notice the attack subverted ssh. I'm a newbie, and I see that I have an ssh-agent process on my Petra Cinnamon 64 bit machine. The only devices I normally have on my home network are a Windows 8.1 machine, an Android phone, and the Petra machine.
Is there any cool stuff I can do between the various machines that I need ssh for? If not, how do I disable ssh?
I should point out here though that although ssh is a major attack vector in the Linux world, it is usually the server that is attacked not the client and Mint does not install the server by default so you could just leave it as it is....
Users browsing this forum: Amanoo and 7 guests