Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Linux

Gentoo Linux Github Organization Repo Hack Was Down To a Series of Security Mistakes (betanews.com) 42

The team behind Gentoo Linux has revealed the reasons for the recent hack of its GitHub organization account. The short version: shoddy security. From a report: It seems that the hackers were able to gain access to the GitHub organization account by using the password of one of the organization administrators. By the team's own admission, poor security meant that the password was easy to guess. As the Register points out, "only luck limited the damage," but the Gentoo Linux team is keen to let it be known that it has learned a lot from the incident. In an entry on the Gentoo Linux wiki, there is a fairly detailed breakdown of what happened, how it happened, and what is being done to prevent it from happening again. The wiki entry summarizes the hack attack as follows: "An unknown entity gained control of an admin account for the Gentoo GitHub Organization and removed all access to the organization (and its repositories) from Gentoo developers. They then proceeded to make various changes to content. Gentoo Developers & Infrastructure escalated to GitHub support and the Gentoo Organization was frozen by GitHub staff. Gentoo has regained control of the Gentoo GitHub Organization and has reverted the bad commits and defaced content."
This discussion has been archived. No new comments can be posted.

Gentoo Linux Github Organization Repo Hack Was Down To a Series of Security Mistakes

Comments Filter:
  • 2FA? (Score:5, Insightful)

    by Bengie ( 1121981 ) on Friday July 06, 2018 @12:14PM (#56902588)
    Not using Two factor? Even with a weak password, 2FA helps immensely.
  • ... again. Call me crazy, but git is right up there with Linux itself in terms of advancing the art.

  • by 140Mandak262Jamuna ( 970587 ) on Friday July 06, 2018 @12:23PM (#56902650) Journal
    After guessing the password, the hacker blocked access to all other admins. Thus the hack was immediately realized.

    A more savvy hacker would have just used the password to merge unauthorized fraudulent commits. Thus the hack would have remained undetected.

    Must assume: There are more savvy hackers.

    Must assume: There are other repos with weak, guessable password.

    Must conclude: There are well hidden bombs ticking away in many more repositories.

  • It took just 4 minutes for someone to notice something was wrong, and less than an hour to begin remediation.

    In a closed-source organization, it sometimes takes months for them to figure out they've been compromised, and even longer to fix it; I once bought a Toshiba laptop that shipped with a virus, and didn't get the real fix for a few months afterward.

    • I’m not sure those two examples are even remotely comparable. And while I’m a fan of open source, let’s not pretend there haven’t been vulnerabilities like heartbleed which manage to linger, undiscovered, for months - or even years.

  • by xxxJonBoyxxx ( 565205 ) on Friday July 06, 2018 @12:52PM (#56902844)
    >> shitty admin password in 2018

    So...Gentoo has assured us this is the only half-assed shortcut they've taken, right? OK, seems legit.
  • by Anonymous Coward on Friday July 06, 2018 @01:24PM (#56903022)

    In an entry on the Gentoo Linux wiki [gentoo.org], there is a fairly detailed breakdown of what happened, how it happened, and what is being done to prevent it from happening again.

    You suck M'Smash. Leave.

If you aren't rich you should always look useful. -- Louis-Ferdinand Celine

Working...