Linux Foundation Hit by Attack

Share it on Twitter  
Share it on Facebook  
Share it on Google+
Share it on Linked in  

The Linux Foundation has shutdown both the and Web sites after discovering a potential security breach.

The Linux Foundation alerted its users in an email sent Sunday night, reporting that a security breach was discovered on September 8th. The breach may have compromised user information including passwords and email addresses.

According to the Linux Foundation, the breach is connected to the attack on the site which was first publicly reported last week. Though the breach was just discovered last week, the actual attack on may have occurred as early as August 12th. It's unclear at this point, when the Linux Foundation's sites were breached.

The website is still currently offline and maintainers have not provided a timeline as to when the site service will be restored. The Web site is home to the primary Linux kernel development repositories. Linux kernel development has continued despite the shutdown, with development repositories hosted on the Github development site.

As is the case with, the Linux Foundation's websites are currently offline as administrators do software re-installations.

"Linux Foundation services will be put back up as they become available," the Linux Foundation wrote in its email to users. "We are working around the clock to expedite this process and are working with authorities in the United States and in Europe to assist with the investigation."

From a user perspective, the breach of the Linux Foundation's sites also represents a risk that requires user action.

"As with any intrusion and as a matter of caution, you should consider the passwords and SSH keys that you have used on these sites compromised," The Linux Foundation warned. "If you have reused these passwords on other sites, please change them immediately."

The Linux Foundation is the leading organization in the Linux community and home to creator Linus Torvalds. The Linux Foundation acquired the website in March of 2009 from SourceForge. Both the and websites are primarily informational websites, with user accounts for commenting and blogs.

Though the impact of the security issues is limited, the breaches of, and have the potential to damage the reputation of Linux security, according to at least one security researcher.

"I'm still struggling to decide quite what the Loony Linux Lovers -- those who insist that Linux is immune to malware -- will make of this episode," Paul Ducklin is Sophos's head of technology, wrote in a blog post. "While Linux malware is not new, this is probably the closest it has ever come to the heart of their beloved operating system."

Sean Michael Kerner is a senior editor at, the news service of, the network for technology professionals.

Submit a Comment

Loading Comments...