انجمن‌های فارسی اوبونتو

لطفاً به انجمن‌ها وارد شده و یا جهت ورود ثبت‌نام نمائید

لطفاً جهت ورود نام کاربری و رمز عبورتان را وارد نمائید


ارائه ۲۴٫۱۰ اوبونتو منتشر شد 🎉

نویسنده موضوع: سرورهایه kernel.org هک شدند  (دفعات بازدید: 1966 بار)

0 کاربر و 1 مهمان درحال مشاهده موضوع.

آفلاین alieblice

  • High Hero Member
  • *
  • ارسال: 1275
سرورهایه kernel.org هک شدند
« : 21 شهریور 1390، 01:43 ق‌ظ »
سلام دوستان

بعضی از سرور هایه kernel.org  که در اون جا میشه کرنل لینوکس رو دانلود کرد هک شدن
نکته : خوده سایت kernel.org هک نشده
به همین دلیل برایه رفع امنیت سایت kernel.org غیر قابا دسترس خواهدبود
اینم عکسش


برایه دوستانی که عضو سایت بودن یک ایمیل با محتوایه زیر میاد :

The Linux Foundation info@linuxfoundation.org to me

Attention Linux.com and LinuxFoundation.org users,

 We are writing you because you have an account on Linux.com,
 LinuxFoundation.org, or one of the subdomains associated with these domains.
 On September 8, 2011, we discovered a security breach that may have
 compromised your username, password, email address and other information you
 have given to us. We believe this breach was connected to the intrusion on
kernel.org.

 As with any intrusion and as a matter of caution, you should consider the
 passwords and SSH keys that you have used on these sites compromised. If you
 have reused these passwords on other sites, please change them immediately.
 We are currently auditing all systems and will update public statements when
 we have more information.

 We have taken all Linux Foundation servers offline to do complete
 re-installs. Linux Foundation services will be put back up as they become
 available. We are working around the clock to expedite this process and are
 working with authorities in the United States and in Europe to assist with
 the investigation.

 The Linux Foundation takes the security of its infrastructure and that of
 its members extremely seriously and are pursuing all avenues to investigate
 this attack and prevent future ones. We apologize for this inconvenience and
 will communicate updates as we have them.

 Please contact us at info@linuxfoundation.org with questions about this
 matter.

 The Linux Foundation

متن اخبار در سایت kernel.org

Site News

Security breach on kernel.org



 Earlier this month, a number of servers in the kernel.org infrastructure were compromised. We discovered this August 28th. While we currently believe that the source code repositories were unaffected, we are in the process of verifying this and taking steps to enhance security across the kernel.org infrastructure.



What happened?



 Intruders gained root access on the server Hera. We believe they may have gained this access via a compromised user credential; how they managed to exploit that to root access is currently unknown and is being investigated.
 Files belonging to ssh (openssh, openssh-server and openssh-clients) were modified and running live.
 A trojan startup file was added to the system start up scripts
 User interactions were logged, as well as some exploit code. We have retained this for now.
 Trojan initially discovered due to the Xnest /dev/mem error message w/o Xnest installed; have been seen on other systems. It is unclear if systems that exhibit this message are susceptible, compromised or not. If developers see this, and you don't have Xnest installed, please investigate.
 It *appears* that 3.1-rc2 might have blocked the exploit injector, we don't know if this is intentional or a side affect of another bugfix or change.




What Has Been Done so far:



 We have currently taken boxes off line to do a backup and are in the process of doing complete reinstalls.
 We have notified authorities in the United States and in Europe to assist with the investigation
 We will be doing a full reinstall on all boxes on kernel.org
 We are in the process of doing an analysis on the code within git, and the tarballs to confirm that nothing has been modified



 The Linux community and kernel.org take the security of the kernel.org domain extremely seriously, and are pursuing all avenues to investigate this attack and prevent future ones.



 However, it's also useful to note that the potential damage of cracking kernel.org is far less than typical software repositories. That's because kernel development takes place using the git distributed revision control system, designed by Linus Torvalds. For each of the nearly 40,000 files in the Linux kernel, a cryptographically secure SHA-1 hash is calculated to uniquely define the exact contents of that file. Git is designed so that the name of each version of the kernel depends upon the complete development history leading up to that version. Once it is published, it is not possible to change the old versions without it being noticed.



 Those files and the corresponding hashes exist not just on the kernel.org machine and its mirrors, but on the hard drives of each several thousand kernel developers, distribution maintainers, and other users of kernel.org. Any tampering with any file in the kernel.org repository would immediately be noticed by each developer as they updated their personal repository, which most do daily.



 We are currently working with the 448 users of kernel.org to change their credentials and change their SSH keys.



 We are also currently auditing all security policies to make kernel.org more secure, but are confident that our systems, specifically git, have excellent design to prevent real damage from these types of at

آفلاین alieblice

  • High Hero Member
  • *
  • ارسال: 1275
پاسخ به: سرورهایه kernel.org هک شدند
« پاسخ #1 : 21 شهریور 1390، 02:46 ق‌ظ »

آفلاین sofy

  • Newbie
  • *
  • ارسال: 20
پاسخ به: سرورهایه kernel.org هک شدند
« پاسخ #2 : 03 مهر 1390، 02:22 ب‌ظ »
کسی خبر نداره سایت کی بکار می افته؟ :(

آفلاین alieblice

  • High Hero Member
  • *
  • ارسال: 1275
پاسخ به: سرورهایه kernel.org هک شدند
« پاسخ #3 : 03 مهر 1390، 10:57 ب‌ظ »
من جایی چیزی ندیدم

خیلی دیگه داره طول میکشه برگشتن سایت
این طور که پیش میره فکر کنم رلیز بعدی کرنل کنسل بشه البته اگه کارایه سایت به کرنل ربطی داشته باشه

آفلاین bijanbina

  • Full Member
  • *
  • ارسال: 200
  • جنسیت : پسر
  • جذاب دو عالم
    • بیژن بینایی
پاسخ به: سرورهایه kernel.org هک شدند
« پاسخ #4 : 04 مهر 1390، 07:10 ب‌ظ »
اولا سایت بصورتی که شما گفتی کامل دست هکر ها نیفتاده تنها بخشی از این سایت که مربوط به git بوده دستشون افتاده که سریع هم جلوشو گرفتن در حال حاضر هم لینوکس در github موجوده و خیلی لازم نیست برای برگشتنش عجله کنید
تمام  سورس ها به github به نام پروژه لینوکس انتقال داده شده اند

آفلاین parsaz

  • Full Member
  • *
  • ارسال: 124
پاسخ به: سرورهایه kernel.org هک شدند
« پاسخ #5 : 04 مهر 1390، 10:31 ب‌ظ »
الان من نیاز به آخرین نسخه کرنل دارم کسی از دوستان نداره ؟
 
اگه میتونید یک لینک دانلود بدید یا اگه میشه جایی آپلود کنید (البته حدودا 60 مگ هست  ::))

اگه لطف کنید یک کمکی کنید ممنون میشم .

آفلاین دانیال بهزادی

  • ناظر انجمن
  • *
  • ارسال: 19722
  • جنسیت : پسر
  • Urahara Kiesuke
    • وبلاگ
پاسخ به: سرورهایه kernel.org هک شدند
« پاسخ #6 : 07 مهر 1390، 08:14 ق‌ظ »
الان من نیاز به آخرین نسخه کرنل دارم کسی از دوستان نداره ؟
 
اگه میتونید یک لینک دانلود بدید یا اگه میشه جایی آپلود کنید (البته حدودا 60 مگ هست  ::))

اگه لطف کنید یک کمکی کنید ممنون میشم .

https://github.com/torvalds/linux
اگه این ارسال بهت کمک کرد، دنبال دکمهٔ تشکر نگرد. به جاش تو هم به جامعهٔ آزادت کمک کن