Computerworld
Home News Blogs ReviewsWhite Papers Newsletters IT Careers

resource center


Ads by TechWords

See your link here

Subscribe to our e-mail newsletters
For more info on a specific newsletter, click the title. Details will be displayed in a new window.
Linux
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
More E-Mail Newsletters 
 

Print edition

Linux kernel attack thwarted

An unknown attacker tired to plant a Trojan virus in the Linux kernel

By Robert McMillan
November 7, 2003 12:00 PM ET
Recommended
(0)
Digg
Share/Email

IDG News Service - An attempt by an unknown attacker to plant a Trojan virus in the Linux kernel has been blocked.
On Wednesday, kernel developers discovered that a server hosting a copy of the Linux source code had been compromised and that a Linux kernel file had been changed to allow the attacker unauthorized access to operating systems built with the affected source code.
The machine in question, Kernel.bkbits.net, hosted a version of the Linux source code that was used by only a handful of Linux developers, according to Larry McVoy, a maintainer of the machine. "It's not a very tightly secured machine. It's more of a kernel developers' playground," he said.
McVoy didn't consider the attack to be significant because the exploit was quickly identified and because the site in question is used by such a small number of developers. The compromise was detected and corrected within 12 hours, and the compromised source was downloaded by, at most, a handful of developers, McVoy estimated.
The Kernel.org and Linux.bkbits.net sites that are used by the vast majority of Linux developers, including companies like Red Hat Inc. and SUSE Linux AG, weren't affected by the attack, McVoy said. Had an attacker been able to plant the exploit on those machines, it would have been "a dramatically bad thing," McVoy said.
The attack illustrates both the strengths and weaknesses of Linux development, said Linux creator Linus Torvalds in an e-mail interview. "To some degree, the fact that kernel development is pretty distributed and there isn't a single kernel tree that is 'the' tree means that there's not a single point of failure," he said.
"That also means that there are more endpoint machines," he said. "So arguably there are more targets for cracking."
Kernel.bkbits.net will be returned to service in a few days, when the machine has had its hard drive replaced and a new operating system installed with security fixes, McVoy said.





Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.

Recommend Digg Twitter ShareThis
Email Print Send Feedback Reprints

Additional Resources

POLL RESULTS
Leading IT Pros Weigh In on Top IT Issues
Accelerate your knowledge of the IT world you inhabit by viewing the results of a series of polls taken by your IT peers. These polls of 100+ IT professionals each are available for full viewing. They cover key topics such as virtualization, processor performance, green IT, cloud computing and many others. Be a part of the buzz.
WHITE PAPER
For Best Results, Think Beyond the Box
Technology is complex. Keeping it running productively shouldn't be. To that end, you want to minimize the number of solutions needed in-house to simplify operations, maintenance, and support. Kodak offers a best-practices model. One company provides support for both scanner and software, for fast problem resolution without vendor finger-pointing. Download now!
WHITE PAPER
Accelerating the Path to Demand Intelligence with a Demand Signal Repository
Utilizing demand intelligence improves the precision of pricing, product assortments, channel/store placement, and promotion, which are all essential for sustainable revenue management performance. Learn more, download this free whitepaper today.

White Papers & Webcasts

Accelerate SSL Encrypted Applications
The amount of SSL traffic is growing in the enterprise. Because it is encrypted, it cannot be properly controlled and accelerated. Blue Coat...  

IDC Webcast: Linux Adoption in a Global Recession
Join Al Gillen from IDC and Michael Applebaum from Novell in this on-demand webcast to see how Linux has emerged as an even...

ESG Lab Field Audit
Many companies have successfully implemented Riverbed WAN optimization solutions within their Cisco networks. This ESG Lab Field Audit document explores the success that...  

Usability Is Everything
Learn what sets Workday's HR and Payroll solutions apart from the competition....

Shape Your Apps Strategy to Reflect New SaaS Licensing and Pricing Trends
Why are smart companies choosing software-as-a-service? Find out in the complimentary Forrester Research report...  

The Value of Real SaaS at Workday
Cost savings, speed to value, and innovation brought to the enterprise by Workday's software-as-a-service solutions for HR and Payroll....

Natural User Interface for Enterprise Applications
Learn how a revolutionary user interface can make a complex enterprise application so intuitive even casual users can jump right in....  

SaaS at Flextronics, Inc.
Dave Smoley, CIO of Flextronics, discusses the real value of software-as-a-service and why he chose Workday for his HR solution....

A Truly Global HCM System
Learn about a system built with advanced object-oriented technology that support multi-national requirements and costs less to implement, maintain and upgrade....  

Why Compliance Pays
This OnDemand webcast explores the relationship that firms with best compliance records have higher revenue, greater customer retention, lower financial losses from data...

All White Papers | All Webcasts

Computerworld Reports

An Interactive eBook: Enterprise Security

The Business Case for Server Virtualization

Computerworld Technology Briefing: Intelligent Users Use Business Intelligence

All Computerworld Reports
 
About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDC IDG IDG Connect IDG Knowledge Hub IDG TechNetwork IDG Ventures
IDG.net InfoWorld ITwhitepapers ITworld JavaWorld LinuxWorld Macworld Network World PC World The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of
Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.