Following the recent Gentoo Linux hack the distribution’s security team started to investigate how the intrusion was made. The published report showcases exactly how the criminals have been able to break into their GitHub accounts and embedded malicious code.
The Investigation Reveals How the Gentoo Linux GitHub Hack Was Made
Last week saw a hacker intrusion into the main GitHub account of Gentoo Linux. This is one of the most popular distributions of the free operating system which is well-known for being used mainly by advanced users, system administrators and network engineers because of it’s unique package management system that compiles the user-installed software from source code. The reason why people choose Gentoo is due to it’s inherent customization options allowing it to be used in various situations with ease.
Unfortunately last week the security team posted an announcement stating that computer hackers have been able to access their GitHub account and embed malicious code that ultimately may have infected end users and developers. A thorough investigation has been commissioned in order to reveal how the hackers have been able to gain entry to it. The Gentoo team has prepared a full report which has been published online on their wiki page revealing details on the attack.
The criminals were able to gain access to a password used by the administrator staff. The investigation team confirmed that a possible cause could have been guessing schemes and information gathering that ultimately were used to discover the password. Consequently the GitHub repositories were made accessible to the hackers. It is used to host various infrastructure code and projects. Fortunately this does not include the main application repositories that are used by the general public to download packages or package (Read more...)
*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum authored by Martin Beltov. Read the original post at: https://sensorstechforum.com/gentoo-linux-github-hacked-via-password-guessing/