Security Issues at Gentoo Narrowed Down to Crappy Password

Filed under
Gentoo
Security
  • Linux experts are crap at passwords!

    Fortunately, Gentoo’s GitHub repository wasn’t the primary source for Gentoo code, and few, if any, Gentoo users were relying on it for software updates.

  • Gentoo publishes detailed report after its GitHub was compromised

    You may have seen the news towards the end of June that Gentoo, a fairly advanced Linux distribution, had its GitHub repository compromised after an attacker managed to gain access to one of the connected accounts. Now, Gentoo has published a comprehensive report about the incident and it turns out that the gaffe was due to not following rudimentary security tips.

  • Weak Admin Password Caused Compromise of Gentoo GitHub repository

    Gentoo have finished their investigation of the hack that affected their project last week on GitHub. The point of vulnerability has turned out to be a weak Administrator password. Upon compromise, the hackers added the Linux killer command “rm -rf /” so that when users cloned the project to their computers all their data would be erased.

  • Gentoo Linux Github Organization repo hack was down to a series of security mistakes

    It seems that the hackers were able to gain access to the GitHub organization account by using the password of one of the organization administrators. By the team's own admission, poor security meant that the password was easy to guess. As the Register points out, "only luck limited the damage", but the Gentoo Linux team is keen to let it be known that it has learned a lot from the incident.

More in Tux Machines

Review: Emmabuntüs DE3-1.00

It was recently pointed out to me that I have never written a review of the Emmabuntüs distribution and I was asked to address this oversight. With that in mind, I downloaded the latest version of this Debian-based, desktop distribution. Emmabuntüs features the Xfce desktop and runs on packages provided by Debian 10 "Buster". The project, which is designed to be run on older or used computers in order to extend their usefulness, is available in 32-bit (x86) and 64-bit (x86_64) builds. The distribution strives to lower the bar for trying Linux by providing support for multiple languages and using the friendly Calamares installer to set up the operating system. I downloaded the 64-bit version of Emmabuntüs which is a hefty 3.1GB. Booting from the Emmabuntüs media brings up a boot menu asking us to pick our preferred language from a list. Then we are asked if we want to try the distribution's live desktop or launch either a text-based or graphical installer. The installer options launch Debian's text and graphical installers, respectively. The Try option launches a live desktop environment running the Xfce 4.12 desktop. I decided to use the live desktop to test the distribution before installing it. When the Xfce desktop first loads we are shown a series of welcome windows. The first one just displays a short greeting. The next one invites us to change our keyboard's layout (the default mapping is US). Another pop-up asks if we want to turn on a number of features. These include enabling a dock, activating the taskbar, activating the workspace, and enabling a dark theme. To be frank, I'm not sure what the utility means by activating the workspace and none of the options are explained. Enabling the dock gives us a macOS style launcher at the bottom of the screen and the other two options did not appear to have any significant effect whether turned on or not. The next window offers to install Flash and media codecs.
It will then try to download and install these packages while we wait. When it is done, another welcome window appears. This one displays a grid of buttons that provide short-cuts to on-line documentation and a forum, a local PDF with tips on using Debian, and quick access to the software manager, settings panel, and some convenience tools. I will talk about these features later. A panel at the top of the Xfce desktop holds the application menu, task switcher, and the system tray. In the upper-right corner is a menu we can use to logout or shutdown the computer. Icons on the desktop offer to run the Calamares installer, run an uninstaller, launch the Disks utility to partition the hard drive, and open a tool to change the keyboard layout. There is also an icon for opening a tool to repair the boot loader. The concept of an uninstaller intrigued me since usually people do not remove operating systems so much as remove their partition or install over them. I tested this tool and found the uninstaller will search for partitions with an operating system installed and then offer to format the selected partition with either the NTFS or ext3 filesystem. The live environment, once we navigate through the welcome windows, worked well for me. Xfce was responsive and straightforward to use. My hardware was working well with the distribution and I was happy to move ahead with running the installer.

OSMC's November update is here with Kodi 18.5

OSMC's November update is now here with Kodi v18.5. Please be aware that there are currently issues with the TVDB scraper. This is not related to the update and we expect these issues to be resolved shortly. We continue our development for 3D Frame Packed (MVC) output for Vero 4K / 4K + and a significantly improved video stack which will land before the end of the year. Our work on preparing Raspberry Pi 4 support continues. Team Kodi recently announced the 18.5 point release of Kodi Leia. We have now prepared this for all supported OSMC devices and added some improvements and fixes.

LibreOffice 6.4 beta 1 is available

LibreOffice 6.4 beta 1 is available for downloading now. There are builds for all main OS for 64 bit.

One Last RC of Linux 5.4, New Features and Linux 5.5

  • Linux 5.4-rc8
    I'm not entirely sure we need an rc8, because last week was pretty
    calm despite the Intel hw workarounds landing. So I considered just
    making a final 5.4 and be done with it, but decided that there's no
    real downside to just doing the rc8 after having a release cycle that
    took a while to calm down.
    
    But it *has* calmed down, and I expect the upcoming week to be quiet
    too (knock wood).
    
    In fact, considering that the week after that is Thanksgiving week in
    the US, I'm hoping that most of the pull requests I get next week
    aren't fixes for 5.4, but people sending me early pull requests for
    when the merge window for 5.5 opens. That way those proactive
    developers can then sit back and relax during that turkey-filled
    feast...
    
    Anyway, looking at the rc8 diffs, the bulk of it is for the intel hw
    issues, both on the CPU side (TSX Async Abort, and the iTLB multihit
    thing), and on the GPU side (GPU hang and invalid accesses). None of
    the patches are big, and honestly, shouldn't affect anybody.
    
    The other noticeable thing in the diffs is the removal of the vboxsf
    filesystem. It will get resubmitted properly later, there was nothing
    obviously wrong with it technically, it just ended up in the wrong
    location and submitted at the wrong time. We'll get it done properly
    probably during 5.5.
    
    Outside of those two areas, there's some kvm fixes, and some minor
    core networking, VM and VFS fixes. And various random small things.
    
    Nothing really looks all that worrisome from a release standpoint, and
    as mentioned I was toying with just skipping this rc entirely. But
    better safe than sorry.
    
    Please do go give the tires a final few kicks before the expected 5.4
    release next weekend.
    
    Thanks,
    
    Linus
    
    
  • Linux 5.4-rc8 Released - Things Are Calm For Linux 5.4's Debut Next Week

    As expected, Linus Torvalds opted for doing a 5.4-rc8 kernel release today rather than going straight to Linux 5.4 stable. However, he says he could have just as well done the stable kernel release thanks to the cycle settling down. Linus decided to release Linux 5.4-rc8 and then ship Linux 5.4.0 next Sunday to allow for extra testing. But he wouldn't mind if kernel maintainers begin sending in their Linux 5.5 pull requests early especially since the week after next is the US Thanksgiving week.

  • The Exciting Linux 5.4 Changes From exFAT Support To Intel Tiger Lake Graphics

    It's possible this afternoon Linus Torvalds will release Linux 5.4 stable but considering his communications in recent weeks and many changes still flowing in this week, it's more than likely he will divert and release Linux 5.4-rc8 today and then ship this next stable kernel update on the next Sunday.

  • Linux 5.5 Should Bring Another Power Management Improvement For Intel Ice Lake

    The upcoming Linux 5.5 kernel cycle should bring an improvement for power management on Intel's latest-generation Ice Lake processors. With my Dell XPS 7390 Ice Lake Core i7 testing the power management has been quite good, but it looks like Linux 5.5 will be even better. On Saturday this commit was staged as part of USB testing code ahead of the upcoming Linux 5.5 merge window.