From the ‘So Say We All’ files:
I’m a huge fan of The Linux Foundation. It has had an incredibly positive impact on the Linux landscape. It is a unique vendor-neutral organization that is an essential and integral part of Linux.
The Linux Foundation this week was hit by a security breach that has taken its sites, including LinuxFoundation.org and Linux.com, offline.
Yes, I really feel for the Linux Foundation. I know from experience that dealing with security breaches is a time-consuming and involving process. Forensic analysis of logs and events is a challenging thing to do, especially when it’s not entirely clear what you’re looking for.
It’s not clear at this point precisely where the breach came from that hit the Linux Foundation. I suspect (not having any direct information other than what has been publicly disclosed) that one user was somehow taken over (via password sniffing or..?) and then that account was used as a basis for some kind of privilege escalation within the system. It’s not an uncommon scenario and one that isn’t easy to deal with.
The Linux Foundation has disclosed that they don’t store passwords in plaintext.
“However an attacker with access to stored password would have direct access to conduct a brute force attack,” the Foundation has stated.
In any event, this is something that I hear about both theoretically and otherwise in session after session at Black Hat in any given year. None of us are immune.
I personally wish the great people at the Linux Foundation the best of luck and success in quickly identifying root cause. I also hope they can quickly come up with best practices to prevent such incidents in the future.
While I know that a breach is not something anyone ever wants, I would suspect that out of this event, the Linux Foundation and its sites will be even more secure than before.
As a user and fan of all things that the Linux Foundation does, I’m looking forward to their quick return to full service.