Linux.org's DNS Got Hijacked (linux.org) 62
Linux.org reports:
Wednesday afternoon around 5pm EST someone was able to get into the registrar account for our domain and point DNS to another server -- as well as lock us out from changing it. They pointed the domain name to a pretty rude page for most of the evening until Cloudflare stepped in and blocked the domain for us.
After a lot of back and forth with our registrar, we were able to get things back under our control. I'd like to point out that our server environment was not touched so there are no worries about your data. We've gone over security protocols and are tightening things up that may have slipped through in the past. Thanks for your support!
Linux.org apparently pointed to a page exclaiming "G3T 0WNED L1NUX N3RDZ", which also included a NSFW picture, some abusive language, a shout-out to recently-deceased programmer Terry Davis, and a link to an article about Linus Torvalds' controversial apology for "his hostile behavior towards others in the community."
Long-time Slashdot reader Grady Martin says he also saw the page pointing to "presumably doxed info" about the creator of Linux's code of conduct, a fact confirmed by a report in the Register. "As for how it was hacked, [Linux.org owner Mike] McLagan blames the public Whois displaying his partner's email address -- presumably the hacker worked their way into the Yahoo email account listed as the admin of the site and from there requested a password change in her Network Solutions account to gain access to the domain."
It's now sunday. (Score:5, Funny)
It took 4 days for the hacking of one of the biggest tech community sites on the internet to land on /.? Really? We gunna see a story about the Falcon 9 water landing next Friday?
Re: It's now sunday. (Score:3)
I visit it regularly. Ok, that's because I actually am a nerd and many here are only here to scream at each other or use mod points as an offensive weapon.
It's fairly obvious that the attack was by one of the alt-right morons we seem to be infected with, who aren't interested in the community unless they can hijack it.
Re: (Score:1)
If you were AS I would even considering a trolling but as you are in full glory here I'd say your comment is not as valid as it could have been if it were posted w/o pointing fingers and verbal abuse.
Re: (Score:2)
The statement is factually correct and the categorization appropriate. Sorry you don't like it.
I am also playing the 4-digit UID Joker Card, which gives me a free excuse.
Re: (Score:3)
They're called neckbeards. The whole "alt-right" movement was birthed by a neckbeard, wizard, hot grits, and a fertility spell gone awry.
It all started here, Grampy.
Re: (Score:1)
Well actually in reality, the alt-right was started as an alternate to the corporate Republicans, more libertarian in approach. This was considered a threat by the establishment and they trotted out some paid for nazis to rebrand the alt-right as white supremacy, so a deep state/shadow government rebranding of the alt-right. It all came about when the Greens and the Libertarians found they had more in common with each other, than either did with the corporate Republicans and the corporate Democrats, who in
Re: It's now sunday. (Score:2, Funny)
Sorry. My mom grounded me and changed the wifi password.
Re: (Score:2)
You don't think you've never gone to Linux.org
Is that a new form of double-negative?
Re: (Score:1)
Re: (Score:1)
Re: It's now sunday. (Score:2)
No, it's been discussed a few times.
Re: (Score:3, Interesting)
Because someone was doxed it was probably best to wait until they had at least removed that information. No point amplifying the doxing.
Re: (Score:1, Insightful)
I love how they call him the creator of the code of conduct. Apparently copy pasting what some other person created on a feminist wiki is enough to give you creative ownership over a text.
This is a great standup joke:
So there was a 1st World white middle-aged man whose only skill was tweeting 16 hours a day and he didn't feel very white because of it since most other whites had skills worth a shit, and he needed a break out. So one day he used transgenderism as a vehicle in hopes of waiving his white privil
Re:It's now sunday. (Score:4, Funny)
It took 4 days for the hacking of one of the biggest tech community sites on the internet to land on /.? Really? We gunna see a story about the Falcon 9 water landing next Friday?
I know right? Record time for Slashdot.
social engineering (Score:2)
Re: (Score:2)
The registrar wasn't the one being fooled. They were reacting to a "legitimate" email address password reset.
If you've been on /. long enough, you'll remember countless stories about how ALL Yahoo emails were breached. This was during the proposed sale to Verizon (?).
My wife had a Yahoo account, it took awhile to convince her to move elsewhere, but only because it was entrenched in the services she used.
Yea it's a PITA, but if you have a Yahoo email address, migrate immediately to anywhere else.
Yahoo.... (Score:5, Insightful)
I'm sorry, if you still have a Yahoo email that controls anything of value, you're an idiot and this is well deserved.
Re:Hotmail? (Score:2)
Wow, it's almost as bad as having a hotmail account. I mean seriously, it's 2018. A yahoo email address? Did he get it so he could do email push with the iPhone 1?
Re: (Score:3)
Yahoo
Hotmail
Gmail
Which one really is safer?
Re: (Score:3)
Yahoo Hotmail Gmail
Which one really is safer?
Running a number of Sigs, my experience is that if someone is hacked, the odds that they are using a Yahoo email account is pretty overwhelming.
It does say something that the creator of Linux's Code of Conduct is using a Yahoo email address. That is the realm of the computer inept, the land of passwords like password1, or 1234567.
Re: (Score:2, Informative)
It wasn't the author of the CoC's email address that was used for the DNS records, it was the site owner.
Re: (Score:2)
It wasn't the author of the CoC's email address that was used for the DNS records, it was the site owner.
You are correct. That summary is just plain wrong.
I am a victim of assuming that there would be some relation between the site referenced and the Slashdot summary. But I should know better.
Mike McLagan is the administrator of Linux.org, not the owner as described in the summary.
Michelle McLagan is the owner of Linux.org. Not mentioned anywhere in the summary.
She - although unnamed - is called "his partner" in the summary. Whether this means Significant Other type partner or business partner is not i
Re: (Score:2, Interesting)
Gmail, because it supports really good 2 factor auth. There is even an extra secure mode that blocks some normal Google account use and requires two FIDO keys.
Hotmail also supports 2 factor via a Microsoft account. Yahoo, I don't know.
Re: (Score:2)
Might still be better than gmail. I'm so happy keeping mail servers working is no longer a part of my work duties -- "can't send mail to site X" had X = gmail in at least 80% cases, as they invent a standards-defying policy once than a couple of months. And tossing ham into a spam box without a reject to the sender makes gmail unfit for your kid's kindergarten invites, much less some important stuff.
And the Registrar is ... (Score:2)
RIP Terry Davis (Score:1)
Verification (Score:5, Interesting)
DNS hijacking has been a problem in the past, resulting in DNS registrars swearing blind that they'll never again change ownership without verifying ownership over the phone.
NS obviously broke that rule.
Easy solution - pull their business license for a year.
Where are the kid's parents? (Score:2)
G3T 0WNED L1NUX N3RDZ
Why isn't this child being supervised while on the internet?
Here is a screenshot (Score:3)
If you want to see what it looked like, here you go (NSFW) [archive.org]
Is it wrong that I just laughed for 10 mins?
The manhunt is on for the owner of that hairy asshole.
So, when is the hack going to be serious ? (Score:1)
Re: (Score:1)
Famous computer guy Ken Thompson said in 1984:
"The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program get
Re:So, when is the hack going to be serious ? (Score:4, Informative)
One day such hack will redirect archive.ubuntu.org (or other) to a repository of hacked updates and millions of linux users will get massively hacked with no hope of cleaning up.
As a linux user and admin I hope it won't happen, but I'm surprised it hasn't happened yet.
This is why the software packages are digitally signed by a key pair that the OS verifies against its keystore.
Even if archive.ubuntu.org was hijacked and pointed to a web server set up to serve the same package files, the signature wouldn't match if so much as a single bit was changed in the package, and your OS wouldn't install it.
Hijacking DNS would give the attacker no access whatsoever to the real archive.ubuntu.org or whatever machine has their HSM hardware plugged into it, and so no ability to sign packages.
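The check described in the comment above, as an added example that is not part of the original thread: a simplified model of a signed package index, with Ed25519 from Go's standard library standing in for the archive's real signing setup. The names `Mirror`, `Publish` and `Install`, the keys, and `tool.deb` are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Mirror is whatever host the repository name resolves to (hypothetical type).
type Mirror struct {
	Index string            // lines of "<name> <sha256 hex>"
	Sig   []byte            // archive key's signature over Index
	Files map[string][]byte // package payloads
}

func digest(b []byte) string { s := sha256.Sum256(b); return hex.EncodeToString(s[:]) }

// Publish is the archive side: only the holder of priv can produce Sig.
func Publish(priv ed25519.PrivateKey, name string, payload []byte) Mirror {
	idx := name + " " + digest(payload) + "\n"
	return Mirror{Index: idx, Sig: ed25519.Sign(priv, []byte(idx)), Files: map[string][]byte{name: payload}}
}

// Install is the client side: trust comes from the local keystore, not from DNS.
func Install(trusted ed25519.PublicKey, m Mirror, name string) error {
	if !ed25519.Verify(trusted, []byte(m.Index), m.Sig) {
		return errors.New("index signature does not match trusted key")
	}
	want := "\n" + name + " " + digest(m.Files[name]) + "\n"
	if !strings.Contains("\n"+m.Index, want) {
		return errors.New("package hash not in signed index")
	}
	return nil
}

func main() {
	archive := ed25519.NewKeyFromSeed([]byte(strings.Repeat("A", 32))) // constructed demo keys
	attacker := ed25519.NewKeyFromSeed([]byte(strings.Repeat("B", 32)))
	trusted := archive.Public().(ed25519.PublicKey)
	good := Publish(archive, "tool.deb", []byte("real build"))
	swapped := good // hijacked host replays the real index, alters one byte of the file
	swapped.Files = map[string][]byte{"tool.deb": []byte("real builD")}
	resigned := Publish(attacker, "tool.deb", []byte("backdoored build"))
	for _, m := range []Mirror{good, swapped, resigned} {
		fmt.Println(Install(trusted, m, "tool.deb"))
	}
}
```

The protection holds only while the client's trusted key and the archive's private key are intact; the name-to-address mapping plays no part in the decision.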