Skip to content

Posts tagged ‘root’

1
Sep

Kernel.org Compromised, OpenSSH Source Not Backdoored

Kernel.org, the primary site for the Linux kernel source, was compromised sometime in August. It is believed that the attackers gained access using compromised user credentials, and then escalated their privileges to root. Early pieces of information implied that some OpenSSH source code was stored on the compromised Kernel.org server(s), apparently this may not be the case. So far the investigation has found that several modifications were made to the compiled OpenSSH client and server binaries running on the system to log user activity. The full extent of the changes is not yet known, and nobody has yet come forward to claim this hack.

If you’ve installed or updated your kernel or OpenSSH recently, you may want to reinstall from a known good version, although it is not yet known if any kernel sources were modified. Although in this case OpenSSH wasn’t compromised, admins can consider running some form of Single Packet Authorization, such as fwknop, as an additional layer of protection for your SSH server against these kinds of issues (backdoors) and other potential future 0days.

Hopefully more info will come to light as the investigation progresses. Hit the jump for more details.

Read moreRead more

14
Apr

WordPress.com Hacked and Rooted (but not exposed?)

WordPress.com (the blog hosting platform) was compromised by hackers using an undisclosed vulnerability. My guess is the attackers found an unpatched server somewhere, and used that to get into the environment. Information from Automattic is limited, but they’re assuming that source code and other information was probably stolen. Nobody has come forth to claim the hack, or post WordPress’ source code and account information online, Gawker-style.

If you have a blog on WordPress.com, I recommend changing your password there (and on any other site where you may have used the same password). If you host your own WordPress blog, there isn’t cause for concern just yet as there are many ways that the hackers could have gotten root access, so the vulnerability used may not be within the WordPress software itself.

I’ll update this post should any more information come to light.

css.php