this post was submitted on 15 May 2024
74 points (70.3% liked)

Linux

48624 readers
1681 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
top 11 comments
sorted by: hot top controversial new old
[–] [email protected] 128 points 7 months ago* (last edited 7 months ago)

They are using Linux as the hook in the headline, the attack on kernel.org was widely reported when it happened, over a decade ago, although maybe not so publicly dissected. There was even an arrest.

The same malware is still active in the wild and attacking other people, that’s the real point of the article.

[–] mvirts 96 points 7 months ago (3 children)

Maybe a better title would have included "from 2009 to 2011"

[–] [email protected] 23 points 7 months ago

But that would make this "news" piece irrelevant, no?

[–] [email protected] 23 points 7 months ago

In other news, the world trade center was hit by a plane

[–] [email protected] 10 points 7 months ago

Yeah... it's very clickbatey to NOT include that detail.

[–] ouch 32 points 7 months ago (2 children)

Dan Goodin seems to write sensationalist articles of vulnerabilities. Then buried in a footnote you notice that the vulnerability doesn't really affect anyone in real world.

[–] [email protected] 7 points 7 months ago (1 children)

Yes, indeed. After posting this I did regret it later on.

[–] [email protected] 4 points 7 months ago

No, this is egregious, even for Dan. Don't feel bad. I called him out on the forums/article comments.

[–] [email protected] 5 points 7 months ago

So he's a journalist </s> Thanks for the warning, saved me a read.

[–] [email protected] 8 points 7 months ago

This is the best summary I could come up with:


Infrastructure used to maintain and distribute the Linux operating system kernel was infected for two years, starting in 2009, by sophisticated malware that managed to get a hold of one of the developers’ most closely guarded resources: the /etc/shadow files that stored encrypted password data for more than 550 system users, researchers said Tuesday.

The unknown attackers behind the compromise infected at least four servers inside kernel.org, the Internet domain underpinning the sprawling Linux development and distribution network, the researchers from security firm ESET said.

After obtaining the cryptographic hashes for 551 user accounts on the network, the attackers were able to convert half into plaintext passwords, likely through password-cracking techniques and the use of an advanced credential-stealing feature built into the malware.

Besides revealing the number of compromised user accounts, representatives of the Linux Kernel Organization provided no details other than saying that the infection:

A 47-page report summarizing Ebury's 15-year history said that the infection hitting the kernel.org network began in 2009, two years earlier than the domain was previously thought to have been compromised.

Representatives of the Linux Kernel Organization didn’t respond to emails asking if they were aware of the ESET report or if its claims were accurate.


The original article contains 493 words, the summary contains 201 words. Saved 59%. I'm a bot and I'm open source!

[–] heisenbug4242 3 points 7 months ago

I routinely skip arstechnica articles. Too much sensationalism (for example the notorious ZFS article). It also collects way too much data about its visitors.