You are not logged in.

#26 2011-09-13 08:09:35

xunil9025
Member
Registered: 2011-02-26
Posts: 61

Re: kernel.org - Security Breach

It was the Cia also don't trust anonymouse hackers they are the government they got the most powerful hacking computers! They want to put back doors in every communication, it's like what they did in Windows. They try to take over Linux but they failed, we should improve arch Linux with better security checking packages Pacman needs something like Paccheck script.

Read this it's the famous NSA backdoor in XP!

http://en.wikipedia.org/wiki/NSAKEY

I recommend not to use any windows if you care about privacy.

Watch out Bigbrother is watching you!!

Last edited by xunil9025 (2011-09-13 17:33:03)

Offline

#27 2011-09-13 18:41:26

dodo3773
Member
Registered: 2011-03-17
Posts: 801

Re: kernel.org - Security Breach

xunil9025 wrote:

They try to take over Linux but they failed, we should improve arch Linux with better security checking packages Pacman needs something like Paccheck script.

How do we know they failed? Has the kernel been verified line by line to make sure it has not been tampered with? Is anyone working on this now? I have the exact same suspicion as you. My feeling is that checksum verification will not work / is not good enough to know for sure.

Offline

#28 2011-09-13 18:48:42

karol
Archivist
Registered: 2009-05-06
Posts: 25,440

Re: kernel.org - Security Breach

dodo3773 wrote:
xunil9025 wrote:

They try to take over Linux but they failed, we should improve arch Linux with better security checking packages Pacman needs something like Paccheck script.

How do we know they failed? Has the kernel been verified line by line to make sure it has not been tampered with? Is anyone working on this now? I have the exact same suspicion as you. My feeling is that checksum verification will not work / is not good enough to know for sure.

Again, kernel.org is / was a regular mirror, it had all official Arch packages, not just the kernel.
Have you read https://bbs.archlinux.org/viewtopic.php … 32#p984932 and the next couple posts about how git works? To me it seems that the source code for kernel was not tampered with.

Not to sound rude, but do you know something about creating checksum collision we don't i.e. it's pretty damn hard to do?

Offline

#29 2011-09-13 18:52:14

Griemak
Member
Registered: 2011-05-10
Posts: 46

Re: kernel.org - Security Breach

dodo3773 wrote:
xunil9025 wrote:

They try to take over Linux but they failed, we should improve arch Linux with better security checking packages Pacman needs something like Paccheck script.

How do we know they failed? Has the kernel been verified line by line to make sure it has not been tampered with? Is anyone working on this now? I have the exact same suspicion as you. My feeling is that checksum verification will not work / is not good enough to know for sure.

Emotions feed emotions, logic subdues them.  Put your anxiety based upon feeling aside due to statistical improbability.  While it is certainly probable (theory not yet proven that I am aware of) that two files of different content can have the same checksum, having these same files be YOUR WORKING kernel are so fantastically improbable that checksum verification can offer a LEVEL of security in 2011.  In reality, the only true way to be 100% certain is to be dead.  Most do not consider this to be an acceptable option to security, though, as the usability of the computer while the user is in the state of "dead" has not yet been deemed plausible.

Linux.com and kernel.org shared the same "locks".  We are witnessing someone using a found key in multiple doors...  (yes, my opinion)

Last edited by Griemak (2011-09-13 18:52:55)


There are only two ways to live your life: One is as though nothing is a miracle. The other is as though everything is a miracle. - Albert Einstein

How wonderful it is that nobody need wait a single moment before starting to improve the world. - Anne Frank

Offline

#30 2011-09-13 19:03:07

dodo3773
Member
Registered: 2011-03-17
Posts: 801

Re: kernel.org - Security Breach

karol wrote:

Not to sound rude, but do you know something about creating checksum collision we don't i.e. it's pretty damn hard to do?

@karol & @Griemak

I guess I would just feel more comfortable if it was analysed that's all. You guys are probably right. It does seem like it would be a very hard thing to accomplish. It probably won't happen (analysis of the kernel I mean) anyway because of how much work it entails.

Offline

#31 2011-09-13 19:11:25

wonder
Developer
From: Bucharest, Romania
Registered: 2006-07-05
Posts: 5,937
Website

Re: kernel.org - Security Breach

xunil9025 wrote:

It was the Cia also don't trust anonymouse hackers they are the government they got the most powerful hacking computers! They want to put back doors in every communication, it's like what they did in Windows. They try to take over Linux but they failed, we should improve arch Linux with better security checking packages Pacman needs something like Paccheck script.

Read this it's the famous NSA backdoor in XP!

http://en.wikipedia.org/wiki/NSAKEY

I recommend not to use any windows if you care about privacy.

Watch out Bigbrother is watching you!!

are you concerned? YOU can check the validity of our packages by using pacman 4 beta or pacman-git right now! Over 58% packages are signed from core+extra

Last edited by wonder (2011-09-13 19:28:15)


Give what you have. To someone, it may be better than you dare to think.

Offline

#32 2011-09-13 20:26:01

the sad clown
Member
From: 192.168.0.X
Registered: 2011-03-20
Posts: 837

Re: kernel.org - Security Breach

wonder wrote:
xunil9025 wrote:

It was the Cia also don't trust anonymouse hackers they are the government they got the most powerful hacking computers! They want to put back doors in every communication, it's like what they did in Windows. They try to take over Linux but they failed, we should improve arch Linux with better security checking packages Pacman needs something like Paccheck script.

Read this it's the famous NSA backdoor in XP!

http://en.wikipedia.org/wiki/NSAKEY

I recommend not to use any windows if you care about privacy.

Watch out Bigbrother is watching you!!

are you concerned? YOU can check the validity of our packages by using pacman 4 beta or pacman-git right now! Over 58% packages are signed from core+extra

Awesome, it's like a forum infomercial.  Do I get a set of cutlery with that at no additional cost?


I laugh, yet the joke is on me

Offline

#33 2011-09-14 00:24:33

fsckd
Forum Fellow
Registered: 2009-06-15
Posts: 4,173

Re: kernel.org - Security Breach

the sad clown wrote:
wonder wrote:

are you concerned? YOU can check the validity of our packages by using pacman 4 beta or pacman-git right now! Over 58% packages are signed from core+extra

Awesome, it's like a forum infomercial.  Do I get a set of cutlery with that at no additional cost?

Only if you download now. Seeders are standing by to take your order.


aur S & M :: forum rules :: Community Ethos
Resources for Women, POC, LGBT*, and allies

Offline

#34 2011-09-14 04:09:15

ngoonee
Forum Fellow
From: Between Thailand and Singapore
Registered: 2009-03-17
Posts: 7,158

Re: kernel.org - Security Breach

xunil9025 wrote:

It was the Cia also don't trust anonymouse hackers they are the government they got the most powerful hacking computers! They want to put back doors in every communication, it's like what they did in Windows. They try to take over Linux but they failed, we should improve arch Linux with better security checking packages Pacman needs something like Paccheck script.

Read this it's the famous NSA backdoor in XP!

http://en.wikipedia.org/wiki/NSAKEY

I recommend not to use any windows if you care about privacy.

Watch out Bigbrother is watching you!!

https://wiki.archlinux.org/index.php/Fo … ng_Systems

And besides that - at least get some proper technical basis for your paranoia....


Allan-Volunteer on the (topic being discussed) mailn lists. You never get the people who matters attention on the forums.
jasonwryan-Installing Arch is a measure of your literacy. Maintaining Arch is a measure of your diligence. Contributing to Arch is a measure of your competence.
Griemak-Bleeding edge, not bleeding flat. Edge denotes falls will occur from time to time. Bring your own parachute.

Offline

#35 2011-09-14 08:23:24

xunil9025
Member
Registered: 2011-02-26
Posts: 61

Re: kernel.org - Security Breach

@Wonder it's great to see the package check into Pacman thanku!

@Ngoonee
There are backdoors in all windowses!!
Here some more prove....

http://www.commondreams.org/headline/2010/09/27-8
http://www.youtube.com/watch?v=VeYdr6P68H4
http://www.osnews.com/story/22511/Micro … _Windows_7

Last edited by xunil9025 (2011-09-14 09:15:05)

Offline

#36 2011-09-14 08:29:06

ngoonee
Forum Fellow
From: Between Thailand and Singapore
Registered: 2009-03-17
Posts: 7,158

Re: kernel.org - Security Breach

xunil9025 wrote:

@Ngoonee
There are backdoors in all windowses!!
Here some more prove....

http://www.commondreams.org/headline/2010/09/27-8
http://www.youtube.com/watch?v=VeYdr6P68H4
http://www.osnews.com/story/22511/Micro … _Windows_7

I recommend not to use any Windows if you care about privacy!!

Watch out Bigbrother is watching you!!

I recommend following forum rules. What's the point in convincing Linux users they should not use windows, anyway?


Allan-Volunteer on the (topic being discussed) mailn lists. You never get the people who matters attention on the forums.
jasonwryan-Installing Arch is a measure of your literacy. Maintaining Arch is a measure of your diligence. Contributing to Arch is a measure of your competence.
Griemak-Bleeding edge, not bleeding flat. Edge denotes falls will occur from time to time. Bring your own parachute.

Offline

#37 2011-09-14 08:52:52

xunil9025
Member
Registered: 2011-02-26
Posts: 61

Re: kernel.org - Security Breach

Some people are using Windows dualboot, so for privacy reasons it's perhaps better to remove it...

Last edited by xunil9025 (2011-09-14 08:58:14)

Offline

#38 2011-09-14 09:05:36

bernarcher
Forum Fellow
From: Germany
Registered: 2009-02-17
Posts: 2,281

Re: kernel.org - Security Breach

@xunil9025

I am sure Archers do know about this. Please stop ranting and do what ngoonee told you.


To know or not to know ...
... the questions remain forever.

Offline

#39 2011-09-14 09:13:02

xunil9025
Member
Registered: 2011-02-26
Posts: 61

Re: kernel.org - Security Breach

Sorry did I break the forum rules?
May I ask what did I do wrong? so next time it won't happen...

Offline

#40 2011-09-14 09:24:14

bernarcher
Forum Fellow
From: Germany
Registered: 2009-02-17
Posts: 2,281

Re: kernel.org - Security Breach

xunil9025 wrote:

Sorry did I break the forum rules?
May I ask what did I do wrong? so next time it won't happen...

https://bbs.archlinux.org/viewtopic.php … 73#p990473


To know or not to know ...
... the questions remain forever.

Offline

#41 2011-09-14 17:20:21

Leonid.I
Member
From: Aethyr
Registered: 2009-03-22
Posts: 994

Re: kernel.org - Security Breach

xunil9025 wrote:

Sorry did I break the forum rules?
May I ask what did I do wrong? so next time it won't happen...

Well, empty accusations come to mind... Besides, have you heard of RHEL/Fedora and this SELinux thing?

I  think you need to switch to openbsd asap sad


Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd

Offline

#42 2011-09-14 17:55:22

xunil9025
Member
Registered: 2011-02-26
Posts: 61

Re: kernel.org - Security Breach

bernarcher wrote:
xunil9025 wrote:

Sorry did I break the forum rules?
May I ask what did I do wrong? so next time it won't happen...

https://bbs.archlinux.org/viewtopic.php … 73#p990473

I still Don't see it, which forum rule did I broke?

@Leonid.I
Yes the SElinux thing made by the NSA it seems some backdoor for me, I wouldn't use it apparmor seems better.

Last edited by xunil9025 (2011-09-14 17:58:07)

Offline

#43 2011-09-14 18:19:39

Gullible Jones
Member
Registered: 2004-12-29
Posts: 4,863

Re: kernel.org - Security Breach

If the NSA had all Windows machines compromised, you'd be screwed anyway. To actually sift through the data from all those machines, the NSA would need a bona fide quantum computer - which would mean that, if they have any interest in you at all, your password is toast.

(Mind, I'm not going to say they don't have a working quantum computer. The fact that AT&T was pumping a good faction of the world's internet traffic into NSA boxen, and the NSA were apparently able to deal with it, is awfully suggestive, no?)

Last edited by Gullible Jones (2011-09-14 18:20:31)

Offline

#44 2011-09-14 19:22:49

fsckd
Forum Fellow
Registered: 2009-06-15
Posts: 4,173

Re: kernel.org - Security Breach

xunil9025 wrote:
bernarcher wrote:
xunil9025 wrote:

Sorry did I break the forum rules?
May I ask what did I do wrong? so next time it won't happen...

https://bbs.archlinux.org/viewtopic.php … 73#p990473

I still Don't see it, which forum rule did I broke?

The rule you are breaking is this one: https://wiki.archlinux.org/index.php/Fo … ng_Systems
The NSA key backdoor is speculation and MS has stated no such backdoor exists. Saying that MS is lying is an issue for the courts, not a discussion forum such as this one. Please do not further derail this thread. I strongly recommend you read and understand the forum rules. If you have any questions, feel free to email me or any of the other moderators. Thank you.


aur S & M :: forum rules :: Community Ethos
Resources for Women, POC, LGBT*, and allies

Offline

#45 2011-09-14 19:42:49

Leonid.I
Member
From: Aethyr
Registered: 2009-03-22
Posts: 994

Re: kernel.org - Security Breach

Gullible Jones wrote:

If the NSA had all Windows machines compromised, you'd be screwed anyway. To actually sift through the data from all those machines, the NSA would need a bona fide quantum computer - which would mean that, if they have any interest in you at all, your password is toast.

(Mind, I'm not going to say they don't have a working quantum computer. The fact that AT&T was pumping a good faction of the world's internet traffic into NSA boxen, and the NSA were apparently able to deal with it, is awfully suggestive, no?)

Omitting all the details, I can safely assure you that noone on this planet has a large scale quantum computer, so let the paranoia die smile


Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd

Offline

#46 2011-09-14 21:36:26

ssri
Member
Registered: 2010-02-16
Posts: 213

Re: kernel.org - Security Breach

Hmm, maybe I should invest in the manufacturers of foil given some of the recent posts in this thread.  Anyways, in my lame attempt to redirect it back on track, has there been any additional information regarding the breach?  Lately, the flow of news has tapered to a trickle.

Last edited by ssri (2011-09-18 07:32:15)

Offline

#47 2011-09-14 21:44:58

karol
Archivist
Registered: 2009-05-06
Posts: 25,440

Re: kernel.org - Security Breach

ssri wrote:

Anyways, in my lame attempt to redirect it back on track, has there been any additional information regarding the breach?  Lately, the news has tapered to a trickle.

I'll add another drop (although you probably know it already): kernel development moved (temporarily) to github https://github.com/torvalds/linux
Seriously, that's all I know and it's not really breach-related.

Offline

#48 2011-09-15 01:12:08

Grinch
Member
Registered: 2010-11-07
Posts: 265

Re: kernel.org - Security Breach

Well, most likely they are currently restoring from backups while making sure they have plugged the security hole before going online again. I'm guessing the site maintainers are a bit shaken and wants to make sure nothing like this happens again. I certainly would find it interesting to learn just how the breach was done, was it some software exploit, or was someone's credentials hacked somewhere else and used to compromise these sites? I really liked how they came out and said 'Hey, we've been hacked' together with (what I assume) all that they knew at the time. I hope they will continue with full disclosure as it's something I find reassuring.

As for Linux itself, short of someone hacking Linus machine and getting his private signing key it's not as if they can really tamper with the official kernel given the way git and Linux kernel development works.

Offline

#49 2011-09-17 12:32:20

Thor@Flanders
Member
Registered: 2010-08-27
Posts: 266

Re: kernel.org - Security Breach

(too much paranoia, not enough constructive thought)

Offline

#50 2011-09-17 14:57:14

Bra1n0v3rfl0w
Member
Registered: 2011-02-26
Posts: 5

Re: kernel.org - Security Breach

This seems connected to kernel.org security breach:

Important server in the Frugalware infrastructure was compromised: http://frugalware.org/
and: http://article.gmane.org/gmane.linux.fr … devel/9899

Offline

Board footer

Powered by FluxBB