Linux Kernel Org Hacked

For discussions about security.
sszindian
Posts: 807
Joined: Sun 25 Apr 2010, 02:14
Location: Pennsylvania U.S.

Linux Kernel Org Hacked

#1 Post by sszindian »

OK boys/girls, it's time for Puppy to put up his ears, go on-point and start taking 'Security' more seriously!!!!
-----------------------------------------------------
According to recent news from:

http://www.theregister.co.uk/2011/08/31 ... ty_breach/

Updated: Multiple servers used to maintain and distribute the Linux operating system were infected with malware that gained root access, modified system software, and logged passwords and transactions of the people who used them, the official Linux Kernel Organization has confirmed.

The infection occurred no later than August 12 and wasn't detected for another 17 days, according to an email John "Warthog9" Hawley, the chief administrator of kernel.org, sent to developers on Monday. It said a trojan was found on the personal machine of kernel developer H Peter Anvin and later on the kernel.org servers known as Hera and Odin1. A secure shell client used to remotely access servers was modified, and passwords and user interactions were logged during the compromise.

and there's more at the above link if you want to go read it.
-------------------------------------------------------
If this can be accomplished with the Linux Kernel Org., there is no reason to even think it can't happen to the Puppy community.

Myself, running strictly Linux, no Windows, even my HDD is formatted for Linux Only, have in the past week experienced some odd behavior; it started when running one of the more-recent puppy versions...

I run two (2) drives in my system- a regular CD ROM drive and a DVD ROM R/W drive. I very seldom use the CD ROM drive except for duping an occasional CD. The DVD ROM is my main drive where I boot all puppy versions from.

The odd behavior is my CD ROM drive randomly opening and closing, sometimes in the morning, sometimes in the evening but for sure like clock-work every day at various times, it repeats opening and closing 3 or 4 times before stopping and staying open for some time; if I leave it, eventually it will close and repeat the process. I (at the present) do not believe it's a malware on the HDD as I have 3 HDD's... 2 running different versions of Puppy, 1 running JoliOS, and the same thing is happening on one of the Puppy HDD's AND the JoliOS HDD (haven't used the 3rd HDD as yet). I am more suspicious of a hacker trying to gain access to my system. This behavior has all the symptoms of a VIRUS but a hacker could just as easily replicate the process.

At this time it appears no damage was done to my system or the programs I use and I am still going through files to search for a malware just in case! If the Linux Kernel.org can't figure out what exactly happened to them, I doubt I'll ever find it if it is in fact a malware hopping around between these two HDD's.

About two-years ago when I was running XP Windows, a hacker gained access and 'Flashed My BIOS or motherboard' Nothing would fire that system up again! I actually watched him trying to gain access to my computer for over a week but I had the best AV installed at the time so thought it was kind of funny, 'He Won!' and I learned another good lesson in life! so hackers can cause damage without even gaining access to your system or HDD.

At any rate, I'm still using that version of Puppy, mostly with the CD ROM disconnected completely and trying to find out what's going on. In the meantime, if anyone else is having odd-things happening to their computer, please take the time to post it, maybe a pattern of sorts will help determine exactly what's going on.

One thing for sure, it's not a joke or laughing matter any more, we got to beef-up Puppy somehow.

>>>---Indian------>
Cloud Computing For Every Puppy (a .pet)
http://murga-linux.com/puppy/viewtopic.php?t=69192

p310don
Posts: 1492
Joined: Tue 19 May 2009, 23:11
Location: Brisbane, Australia

#2 Post by p310don »

Interesting happenings at your place Indian.

Sounds to me like hardware giving you issues...

I have an easy test for you if you like. Put a Puppy CD into your PC, boot it with pfix=ram, so it's just Puppy, and let it run for a day. If you still have drive opening and closing issues, I'm gonna say it's a hardware issue on your machine, and nothing to worry about, at this stage.

If you wanted to test further, you could add things one at a time to replicate your current setup, web browser, flash etc. If something happens at the instance of installing that one component, then you know that is the security hole.

Sylvander
Posts: 4416
Joined: Mon 15 Dec 2008, 11:06
Location: West Lothian, Scotland, UK

#3 Post by Sylvander »

I had a very similar thing happen a few weeks back.

1. I clicked on a link here at the Puppy forums...
Was taken to a webpage to play a video...
Video began playing.
About 1/3 of the way in, strange things began to happen.
Pmount window opened...
The file system on the Puppy CD-RW was mounted.
A ROX window opened displaying the files on the CD.

2. I closed the Pmount window.
Closed the ROX window.
Opened the drawer of the DVD-RW drive and removed the CD.

3. Multiple Pmount windows began to open one after the other.
Tried closing them down, but more kept on opening.

4. Hit Ctrl+Alt+backspace to drop to a command prompt and entered the command reboot.

5. Once back into Puppy, the problem was still there.
Decided my lupusave [for Lupu-526] had been compromised, so...

6. Rebooted into Wary-513...
Deleted the lupusave in use, and replaced it with a recent backup copy.

7. Rebooted into Lupu-526, and used the new lupusave, and the problem was GONE!
Or at least there were no longer any signs of a problem. :D

sszindian
Posts: 807
Joined: Sun 25 Apr 2010, 02:14
Location: Pennsylvania U.S.

CD problems!

#4 Post by sszindian »

p310don:

Yes... I realize it could just be a hardware problem, possibly the CD drive is failing as it is old but, the symptoms for a virus and HD fail are identical so everything must be checked, which I'll be doing, even the BIOS itself! That back-door the kernel.org left open in their builds could give us headaches for some time to come I'm afraid.

"Thanks"

>>>---Indian------>
Cloud Computing For Every Puppy (a .pet)
http://murga-linux.com/puppy/viewtopic.php?t=69192

PaulBx1
Posts: 2312
Joined: Sat 17 Jun 2006, 03:11
Location: Wyoming, USA

#5 Post by PaulBx1 »

Sounds like those Linux kernel servers ought to be running OpenBSD, which is protected by a herd of masturbating monkeys. :lol:

cowboy
Posts: 250
Joined: Thu 03 Feb 2011, 22:04
Location: North America; the Western Hemisphere; Yonder

similar problems

#6 Post by cowboy »

Sylvander wrote:
> I had a very similar thing happen a few weeks back.
>
> 1. I clicked on a link here at the Puppy forums...
> Was taken to a webpage to play a video...

Sylvander, I had similar difficulties, and I bet we clicked the same link to the same story - one posted where a puppy user was having trouble playing a video from a French TV station?

I also went there, and found that my drives' lights kept coming on. C drive would run, then any attached USB drives would light up. Sort of cycling through all my attached peripheral drives. Believe I was running Lucid 5.2.5 at the time. Started over with a new savefile, and the problems stopped. Very odd. Always wondered if there was some sort of a menacing Flash virus there.
"you fix what you can fix and you let the rest go.." - Cormac McCarthy - No Country For Old Men.

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#7 Post by Flash »

I hate to keep beating a dead horse, but if you guys had been running Puppy from a multisession DVD when you suspected you caught some malware, all you'd have to do to get rid of it, no harm done, is reboot without saving. :)

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#8 Post by nooby »

Flash wrote:
> I hate to keep beating a dead horse, but if you guys had been running Puppy from a multisession DVD when you suspected you caught some malware, all you'd have to do to get rid of it, no harm done, is reboot without saving. :)

That is true and sure I can buy some adapter that does allow me to run an external CD or DVD player on my Netbook that is too small to have a standard CD/DVD player in it.

But I hate the sound of things that spin so I place my computer high up on a book shelf hidden so it is barely audible even when the fan starts whining. :) Burners when they spin can be rather noisy.
I use Google Search on Puppy Forum
not an ideal solution though

8-bit
Posts: 3406
Joined: Wed 04 Apr 2007, 03:37
Location: Oregon

#9 Post by 8-bit »

Flash,
You better stop beating that dead horse. It just might come back from the dead and stomp you. :lol:
Your case will only help those that do not have a hard drive or USB storage device attached.
If a site is mounting any storage device it finds on your PC, it also has a chance to inject malware to that mounted device.
The best thing is to stay away from sites that try to mess with your PC.

To be truly secure in being set up like you, one would have to remove all storage devices from the PC except for the DVD/CD drive and only attach a storage device long enough to save data that one did not want to be part of their session on a multi-session CD/DVD.

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#10 Post by nooby »

I trust 8-bit on this. I have read a lot about it out of curiosity
and even if that does not make me an expert, as I remember
everybody agrees with 8-bit on that.

> Your case will only help those that do not have a hard drive or USB storage device attached.
>
> If a site is mounting any storage device it finds on your PC, it also has a chance to inject malware to that mounted device.
> The best thing is to stay away from sites that try to mess with your PC.

But 8-bit you are way too optimistic. The experts say that each week some 10 000 to 100 000 perfectly normal sites that have nothing to do
with places one should not visit them do have injection scripts that
use clever ways of infecting our computers.

if I go to sites about mountain bikes, motor bikes, cars, buying houses buying clothes, food, pizza, kebab, veggie food, organic farming, cities tourist information, whatever. all perfectly normal places

them criminals do place such codes on them by using holes in the html so one need to be good at programming to know them have been tampered with.

But you are right that it is even worse if one go to sites that are NSFW and such. But one are not safe if one stay away from the NSFW them tell us.

PCWorld and McAfee and such have been warning and BBC world service their Tech pages.
I use Google Search on Puppy Forum
not an ideal solution though

Dave_G
Posts: 453
Joined: Thu 21 Jul 2011, 13:53

#11 Post by Dave_G »

I guess there is an inherent risk visiting any web page.
I wonder how much of a shield Google translate would be against
these threats?

For example let's say you happen to be bilingual, then you could use
big brothers translate service.

For example:

http://translate.google.com/translate?h ... Findex.php

or especially for nooby:

http://translate.google.com/translate?h ... Findex.php

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#12 Post by nooby »

google do warn for some pages. They tell me them have code in them.
So usually I don't go there regardless if I find it interesting.

Say it is a page about atheists and Christians fighting about if Jesus really have exists but some criminal has placed such bad code on it without the
owner realizing it. Then I want to read but not get the bad code.

So I try to find same text on another site them don't warn has that code.

Edit. I know I write bad English but I am more used to read in English
than I am used to read in Swedish so even if I stumble on a lot of English words I do prefer to read in the original English text and not rely on bad translation. I could accept to have a parallel text though. To see the original and only have to look at translation when needed.
I use Google Search on Puppy Forum
not an ideal solution though

Dave_G
Posts: 453
Joined: Thu 21 Jul 2011, 13:53

#13 Post by Dave_G »

Hi nooby,

Don't worry, your English is 1000 times better than my Swedish.

What I meant is that perhaps Google will filter some of the
malicious code when using their translate service as they first read
the original page then parse it to you.

Dave.

Dave_G
Posts: 453
Joined: Thu 21 Jul 2011, 13:53

#14 Post by Dave_G »

It could be quite interesting to get one of those malicious webpages
and download it using 'curl' and then analyzing the webpage's source.

I think it would be safe to "get" the webpage as follows:

curl -i -X GET http://The_suspect_page.htm > /some/dir/SomeName.txt

Then reading it with Geany.
I suspect that it would be safe to download the page like that as there is no
web browser involved, but since I don't exactly know the inner workings
of curl and GET, I would appreciate comments from those that know more
about this.

Dave.
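
What the post above describes, as an added example that is not part of the thread: curl only transfers bytes and never parses HTML or runs JavaScript, so the saved file is inert text that can be triaged with grep before it is opened in an editor. The function names, the regex heuristics and the constructed sample page (hosts under the reserved `.invalid` TLD) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: save a page as inert text with curl, then triage it offline.

# Headers + body go to a file; redirects are not followed (no -L), so any
# Location header is simply recorded in the output.
fetch_raw() {        # usage: fetch_raw URL OUTFILE
    curl --silent --show-error --include --proto '=http,https' \
         --max-time 20 --max-filesize 2000000 --output "$2" --url "$1"
}

# Count case-insensitive regex matches in a file (0 when there are none).
count_hits() {       # usage: count_hits EXTENDED_REGEX FILE
    { grep -oiE -e "$1" "$2" || true; } | wc -l | tr -d ' '
}

# Heuristic indicators only (assumed patterns): a hit means "read this part".
triage_page() {      # usage: triage_page FILE
    zero_re="<iframe[^>]*(width|height)=[\"']?0[\"' >]"
    js_re='eval\(|unescape\(|document\.write\(|fromCharCode'
    echo "script_tags=$(count_hits '<script' "$1")"
    echo "iframes=$(count_hits '<iframe' "$1")"
    echo "zero_size_iframes=$(count_hits "$zero_re" "$1")"
    echo "obfuscation_idioms=$(count_hits "$js_re" "$1")"
}

# List every URL that a script or iframe tag would pull in.
external_sources() { # usage: external_sources FILE
    { grep -oiE -e "<(script|iframe)[^>]*src=[\"'][^\"']+" "$1" || true; } |
        sed -E "s/.*[sS][rR][cC]=[\"']//" | sort -u
}

# Constructed sample page (harmless; hosts use the reserved .invalid TLD).
make_sample() {      # usage: make_sample OUTFILE
    cat > "$1" <<'EOF'
<html><body><p>Mountain bike reviews</p>
<script src="http://cdn.example.invalid/a.js"></script>
<iframe src="http://frame.example.invalid/x" width="0" height="0"></iframe>
<script>document.write(unescape("%3Cb%3Ehi%3C/b%3E"));</script>
</body></html>
EOF
}

# Offline demo on the constructed sample; no network access is needed.
sample=$(mktemp)
make_sample "$sample"
triage_page "$sample"
external_sources "$sample"
rm -f "$sample"
```

For a real page, run `fetch_raw` first and pass its output file to `triage_page` and `external_sources`; a count of zero does not prove a page is clean, it only means none of these patterns appear in the raw source.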

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#15 Post by nooby »

yesterday or the day before I mean Friday or Saturday or could it have been Thursday even?
Anyway there was a link to this
http://tuxradar.com/content/bitdefender ... rus-unices
Now that is very remotely related to linux kernel org but it has to do with security.

Them comparing many different AntiVirus products for Linux.
I fail to find that thread now. Have searched for some 4 hours.
I use Google Search on Puppy Forum
not an ideal solution though

sszindian
Posts: 807
Joined: Sun 25 Apr 2010, 02:14
Location: Pennsylvania U.S.

Kernel Back!

#16 Post by sszindian »

SECURITY: Kernel.org is Back!
(Oct 4, 2011, 15:00 UTC) (913 reads) (0 talkbacks) (feedback)
InternetNews: After being offline for just over a month, kernel.org is up and running today.

http://www.internetnews.com/blog/skerne ... -back.html

kernel.org status: hints on how to check your machine for intrusion
[Posted October 1, 2011 by corbet]

https://lwn.net/Articles/461237/

>>>---Indian------>
Cloud Computing For Every Puppy (a .pet)
http://murga-linux.com/puppy/viewtopic.php?t=69192
