By Soulskill from Slashdot's you-never-appreciate-it-until-it's-gone department
Trailrunner7 writes "The attack that compromised some high-value servers belonging to kernel.org — but not the Linux kernel source code — may have been the work of hackers who simply got lucky and didn't realize the value of the servers that they had gotten their hands on. The attackers made a couple of mistakes that enabled the administrators at kernel.org to discover the breach and stop it before any major damage occurred. First, they used a known Linux rootkit called Phalanx that the admins were able to detect. And second, the attackers set up SSH backdoors on the compromised servers, which the admins also discovered. Had the hackers been specifically targeting the kernel.org servers, the attack probably would've looked quite different."
A few blog posts in the wake of the attack have agreed with the initial announcement; while it was embarrassing, the integrity of the kernel source
is not in question
.Read Replies (0)
Google To Shut Down 10 Products
Posted by News Fetcher on September 03 '11 at 09:15 AM
By Soulskill from Slashdot's you-are-the-weakest-links department
Google announced yesterday that it is closing a number of its current products
and merging others into similar services. Many of them will continue to be available in the near future to facilitate the transition. The list of affected services includes Aardvark, Desktop, Fast Flip, Maps API for Flash, Google Pack, Google Web Security, Image Labeler, Notebook, Sidewiki, and Subscriber Links. Google's Alan Eustace wrote. "This will make things much simpler for our users, improving the overall Google experience. It will also mean we can devote more resources to high impact products—the ones that improve the lives of billions of people. All the Googlers working on these projects will be moved over to higher-impact products. As for our users, we’ll communicate directly with them as we make these changes, giving sufficient time to make the transition and enabling them to take their data with them." The link contains brief descriptions of how each service is getting phased out.Read Replies (0)
By timothy from Slashdot's now-you've-done-it department
An anonymous reader writes "After previously claiming that the Iranian hack of CA Diginotar did not compromise certificates of the Dutch government, it has now been decided that there is too much risk and the certificates will have to be revoked after all (original Dutch text). Since the Dutch government has been using only Diginotar-supplied certificates, this will leave all government websites with invalid certificates while a new supplier is being searched for. The minister of internal affairs recommends people not to use the websites if a warning about an invalid certificate appears."
Related: Reader TheAppalasian
links to Johnathan Nightingale of Mozilla Engineering explaining in clear terms why DigiNotar should no longer be trusted
.Read Replies (0)