For more info on a specific newsletter, click the title. Details will be displayed in a new window.
Subscribe to
Computerworld 40 years of the most authoritative source of news and information for IT leaders.
Linux kernel attack thwarted
or
Other Linux and Unix Stories
|
|
|
|
November 07, 2003 (IDG News Service) -- An attempt by an unknown attacker to plant a Trojan virus in the Linux kernel has been blocked.
On Wednesday, kernel developers discovered that a server hosting a copy of the Linux source code had been compromised and that a Linux kernel file had been changed to allow the attacker unauthorized access to operating systems built with the affected source code.
The machine in question, Kernel.bkbits.net, hosted a version of the Linux source code that was used by only a handful of Linux developers, according to Larry McVoy, a maintainer of the machine. "It's not a very tightly secured machine. It's more of a kernel developers' playground," he said.
McVoy didn't consider the attack to be significant because the exploit was quickly identified and because the site in question is used by such a small number of developers. The compromise was detected and corrected within 12 hours, and the compromised source was downloaded by, at most, a handful of developers, McVoy estimated.
The Kernel.org and Linux.bkbits.net sites that are used by the vast majority of Linux developers, including companies like Red Hat Inc. and SUSE Linux AG, weren't affected by the attack, McVoy said. Had an attacker been able to plant the exploit on those machines, it would have been "a dramatically bad thing," McVoy said.
The attack illustrates both the strengths and weaknesses of Linux development, said Linux creator Linus Torvalds in an e-mail interview. "To some degree, the fact that kernel development is pretty distributed and there isn't a single kernel tree that is 'the' tree means that there's not a single point of failure," he said.
"That also means that there are more endpoint machines," he said. "So arguably there are more targets for cracking."
Kernel.bkbits.net will be returned to service in a few days, when the machine has had its hard drive replaced and a new operating system installed with security fixes, McVoy said.
Reprinted with permission from
For more news from IDG visit IDG.netStory copyright 2006 International Data Group. All rights reserved.
|
Print this Story |
|
Send Us Feedback |
|
E-mail this Story |
|
Digg this Story |
|
Slashdot this Story |
|
|
|
|
|
 |
|
All Zones Application Performance Zone Business Continuity Zone Data Center Management Zone Enterprise-Class Security Zone The File Data Management Zone Grid Computing on Windows Zone Security Management Zone ITIL Best Practices Zone The SAS Zone Storage Virtualization Zone Business Intelligence and Analytics Zone |
 See your link here
|
 |
||||||||
| ||||||||
| ||||||||
| ||||||||
|
Read up on the latest ideas and technologies from companies that sell hardware, software and services.
Download this Technology Briefing now!
Long Tail Supplier Collaboration - What's In It For You? 
Download this white paper, free, compliments of Citrix. - Microsoft promises four patches next week
- Google gives away home-cooked Web application security scanner
- Storm botnet stages Fourth of July attacks
- More top stories
| HP StorageWorks EVA4400 Before now, midsize customers settled for either an expensive and complex array or low cost solution that lacked functionality. Now experience virtual storage with enterprise class functionality at an affordable price. View this product demo now
|
|
|
