Linux.com 遭受入侵(更新)
Linux 基金会旗下的 Linux.com 和 LinuxFoundation.org 网站,由于发现安全漏洞,进入离线维护状态。感谢 gbraad 提供消息
以下是离线通知全文:
Linux Foundation infrastructure including LinuxFoundation.org, Linux.com, and their subdomains are down for maintenance due to a security breach that was discovered on September 8, 2011. The Linux Foundation made this decision in the interest of extreme caution and security best practices. We believe this breach was connected to the intrusion on kernel.org.
We are in the process of restoring services in a secure manner as quickly as possible. As with any intrusion and as a matter of caution, you should consider the passwords and SSH keys that you have used on these sites compromised. If you have reused these passwords on other sites, please change them immediately. We are currently auditing all systems and will update this statement when we have more information.
We apologize for the inconvenience. We are taking this matter seriously and appreciate your patience. The Linux Foundation infrastructure houses a variety of services and programs including Linux.com, Open Printing, Linux Mark, Linux Foundation events and others, but does not include the Linux kernel or its code repositories.
Please contact us at info@linuxfoundation.org with questions about this matter.
The Linux Foundation
其中透露这起安全漏洞导致的隐患与前段时间对于 Kernel.org
的入侵有关。为了安全起见,请更改在 Linux.com LinuxFoundation.org
上使用的密码和 SSH
密钥。如果也在其他站点上使用了相同密码的话,请立即更改。
2011/9/13 日更新:
- 所有服务将在数日内恢复。
- 密码(显然)并非明文存储,但是黑客依然对获得的加密信息在用暴力破解的方式获知,取决于密码强度。该方式的详细信息参见此文。
- Linux.com 的邮件依然工作,并且安全。
- 目前还不清楚攻击者的身份及来源,正在调查中。
