 |
|
DAILY NEWS AND INFORMATION
FOR THE GLOBAL GRID COMMUNITY /
|
Breaking News -
Security:
Attack On Linux Kernel
Discovered
A Trojan horse, which was inserted into a copy of Linux Kernel source code,
was detected during a routine integrity check of the operating system last
week. Although the code was placed into a relatively inactive part of the
kernel, it could have given root access to an unauthorized user.
Thought to have been made at about 2 a.m. Nov. 5 in the publicly accessible
Concurrent Versions System database, the change appeared to have been made by
a Linux developer. It was flagged about four hours later because it did not
show up in a reference copy of the source code.
The attack is though to be the first attempt to corrupt the operating
system,
which is gaining popularity in large data centers and government institutions
alike.
In fact, the Energy Department Lawrence Livermore National Laboratory's
Linux
cluster is the third fastest supercomputer in the world.
The compromised server was shut down and investigated. It appeared to have
been hacked from a university computer, which had in turn been hacked by a
third party. The university is working to trace the source of the attack.
The Linux kernel is a high-profile Open Source development project, and the
security of the code is enhanced by the number of people who examine it.
The incident also is an impetus to enhance BitKeeper with the ability to
digitally sign changes made to code.
|