Kernel.org Hacked & Rooted
0 likes155 views
Kernel.org's servers were hacked on August 12th and rooted with a rootkit called Phalanx injected. The hacking was discovered on August 28th. In response, the servers were taken offline and fully reinstalled, authorities were notified to investigate, and the files in the git repository were checked to ensure nothing was infected. The hacking may have occurred due to a compromised user account or server flaw.
Kernel.org Hacked & Rooted
- 1. Kernel.org hacked & rooted - 09-01-2011 by Intizone - Intizone - Tech Savvy's Choice, Tech Blog on Latest News, hosting, reviews, howto, freebies - http://intizone.net Kernel.org hacked & rooted by Intizone - Thursday, September 01, 2011 http://intizone.net/2011/09/01/kernel-org-hacked-rooted/ Kernel.org - The Core of Linux Kernel.org introduction Kernel.org serves the kernel of linux which is the core of linux in running every single hardware and software. Without the kernel, a computer simply cannot boot up as it cannot connect to the hardware. Summary Kernel.org's server was hacked and rooted and measures have been taken to solve the issue with the help of authorities. Attack initiation date: 12th August 2011 Attack discoveration: 28th August 2011 Measures Taken to solve the problem: 1. Full reinstallation of server. 2. Notify authorities to investigate the attack. 3. Checking on the files in git. Kernel.org Hacked & Rooted Full Story The discovering of the hack and root of kernel.org page 1 / 2
- 2. Kernel.org hacked & rooted - 09-01-2011 by Intizone - Intizone - Tech Savvy's Choice, Tech Blog on Latest News, hosting, reviews, howto, freebies - http://intizone.net Well, the story first started on 12th August. Server Hera was hacked and rooted. The server may be exploited due to the fact that an user's information was compromised. SSH passwords were changed and a rootkit called Phalanx was injected to the system. User's actions are logged and exploit codes are being run. The discover of trojan and rootkit The trojan was discovered due to the Xnest /dev/mem error message w/o Xnest installed. However, it is unknown whether the systems with this error message are vulnerable or not. This discover was made on 28th August. Actions taken on the hack and root of kernel.org The boxes are taken offline and backups and reinstallations are done. Besides, the authorities in Europe and United States are also notified to help kernel.org in the investigation of the attack. Analysis on the code within the git will be taken to confirm that no file has been injected with the rootkit or trojan. My Opinion on this attack incident I think that there must be a flaw on the server or it may due to a human flaw so the server administrators must be alert and check their logs daily to prevent such an incident from bringing a greater damage to the world as almost every servers in the world uses Linux based distro as their server. page 2 / 2 Powered by TCPDF (www.tcpdf.org)