Home Security Breach hits Linux Foundation Servers

Security Breach hits Linux Foundation Servers

The Servers of Linux.com and LinuxFoundation.org and associated subdomains are currently down. On September the 8th a security breach was discovered that may have compromised registered users usernames, passwords, email addresses and other additional information. This breach is believed to be connected to the intrusion on kernel.org.
As with any intrusion the Linux Foundation are advising that you should consider these passwords and SSH keys that you have used on these sites as compromised.

If you have reused these passwords on other sites, please change them immediately. We are currently auditing all systems and will update public statements when we have more information.

All Linux Foundation servers are currently offline to do complete system re-installs.
Please contact the linux foundation at [email protected] with questions about this matter.
Visitors to the LinuxFoundation.org website are currently greated with the following message:

Linux Foundation infrastructure including LinuxFoundation.org, Linux.com, and their subdomains are down for maintenance due to a security breach that was discovered on September 8, 2011. The Linux Foundation made this decision in the interest of extreme caution and security best practices. We believe this breach was connected to the intrusion on kernel.org.
We are in the process of restoring services in a secure manner as quickly as possible. As with any intrusion and as a matter of caution, you should consider the passwords and SSH keys that you have used on these sites compromised. If you have reused these passwords on other sites, please change them immediately. We are currently auditing all systems and will update this statement when we have more information.
We apologize for the inconvenience. We are taking this matter seriously and appreciate your patience. The Linux Foundation infrastructure houses a variety of services and programs including Linux.com, Open Printing, Linux Mark, Linux Foundation events and others, but does not include the Linux kernel or its code repositories.
Please contact us at [email protected] with questions about this matter.
The Linux Foundation
*** UPDATE***
We want to thank you for your questions and your support. We hope this FAQ can help address some of your inquiries.
Q: When will Linux Foundation services, such as events, training and Linux.com be back online?
Our team is working around the clock to restore these important services. We are working with authorities and exercising both extreme caution and diligence. Services will begin coming back online in the coming days and will keep you informed every step of the way.
Q: Were passwords stored in plaintext?
The Linux Foundation does not store passwords in plaintext. However an attacker with access to stored password would have direct access to conduct a brute force attack. An in-depth analysis of direct-access brute forcing, as it relates to password strength, can be read at http://www.schneier.com/blog/archives/2007/01/choosing_secure.html. We encourage you to use extreme caution, as is the case in any security breach, and discontinue the use of that password if you re-use it across other sites.
Q: Does my Linux.com email address work?
Yes, Linux.com email addresses are working and safe to use.
Q: What do you know about the source of the attack?
We are aggressively investigating the source of the attack. Unfortunately, we can’t elaborate on this for the time being.
Q: Is there anything I can do to help?
We want to thank everyone who has expressed their support while we address this breach. We ask you to be patient as we do everything possible to restore services as quickly as possible.


About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.