Kernel.org Hacked & Rooted
1. Kernel.org hacked & rooted - 09-01-2011
by Intizone - Intizone - Tech Savvy's Choice, Tech Blog on Latest News, hosting, reviews, howto, freebies -
http://intizone.net
Kernel.org hacked & rooted
by Intizone - Thursday, September 01, 2011
http://intizone.net/2011/09/01/kernel-org-hacked-rooted/
Kernel.org - The Core of Linux
Kernel.org introduction
Kernel.org hosts the Linux kernel, the core of Linux that every piece of hardware and software on the
system relies on. Without the kernel, a computer simply cannot boot, as it cannot talk to the hardware.
Summary
Kernel.org's server was hacked and rooted, and measures have been taken to resolve the issue with the help
of the authorities.
Attack initiation date: 12th August 2011
Attack discovery date: 28th August 2011
Measures taken to solve the problem:
1. Full reinstallation of the server.
2. Notifying the authorities to investigate the attack.
3. Checking the files in git.
Kernel.org Hacked & Rooted Full Story
The discovery of the hack and root of kernel.org
The story started on 12th August, when the server Hera was hacked and rooted. The server may have been
exploited because a user's information was compromised. SSH passwords were changed and a
rootkit called Phalanx was injected into the system. User actions were logged and exploit code was
run.
The discovery of the trojan and rootkit
The trojan was discovered because of an Xnest /dev/mem error message on a system without Xnest installed.
However, it is unknown whether systems showing this error message are vulnerable or not. This discovery
was made on 28th August.
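The indicator described above, an Xnest /dev/mem error on a machine that has no Xnest, can be checked for with a short script. This is an added example, not code from kernel.org or the original post: the sample log lines are constructed, the match uses only the two strings named in the article, and `XNEST_BIN` is a hypothetical override used for testing.

```shell
#!/bin/sh
# Flag log lines that mention both Xnest and /dev/mem (the symptom the
# article describes) and decide whether they are expected on this host.

# Constructed sample log lines, not real kernel.org data.
sample_log() {
    cat <<'EOF'
Aug 28 03:12:45 host1 sshd[811]: Accepted publickey for alice
Aug 28 03:14:02 host1 Xnest: cannot open /dev/mem
Aug 28 03:15:10 host1 cron[902]: (root) CMD (run-parts /etc/cron.hourly)
EOF
}

# Print every line in the given log file(s) containing both strings.
xnest_devmem_hits() {
    grep -h 'Xnest' "$@" 2>/dev/null | grep '/dev/mem'
}

# Succeed if an Xnest binary is on PATH.
# XNEST_BIN (hypothetical) lets a test substitute another binary name.
xnest_installed() {
    command -v "${XNEST_BIN:-Xnest}" >/dev/null 2>&1
}

# Print one verdict for the given log file(s):
#   clean      - no matching lines
#   expected   - matching lines, and Xnest really is installed
#   suspicious - matching lines, but Xnest is not installed
classify() {
    hits=$(xnest_devmem_hits "$@" | wc -l | tr -d ' ')
    if [ "$hits" -eq 0 ]; then
        echo clean
    elif xnest_installed; then
        echo expected
    else
        echo suspicious
    fi
}

# Demo run against the constructed sample.
demo_log=$(mktemp)
sample_log > "$demo_log"
echo "sample log verdict: $(classify "$demo_log")"
rm -f "$demo_log"
```

On a real host, pass the system log files instead, for example `classify /var/log/messages`. As the article notes, it is unknown whether a system showing this message is actually compromised, so a "suspicious" verdict is a prompt for investigation, not proof.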
Actions taken on the hack and root of kernel.org
The boxes were taken offline, and backups and reinstallations were done. In addition, the authorities in Europe
and the United States were notified to help kernel.org investigate the attack. The code within git
will be analysed to confirm that no file has been injected with the rootkit or trojan.
My Opinion on this attack incident
I think that there must be a flaw on the server, or it may be due to a human flaw, so the server administrators
must be alert and check their logs daily to prevent such an incident from bringing greater damage to the
world, as almost every server in the world uses a Linux-based distro.