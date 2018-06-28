Stories
Gentoo GitHub Mirror Compromised and File-Wiping Malware Placed Inside Code

posted by mrpg on Friday June 29, @10:42PM   Printer-friendly
from the can-I-blame-microsoft-yet? dept.
News Security

Gentoo Linux GitHub Mirror Compromised, Taken Offline

DarkMorph writes:

From https://www.gentoo.org/news/2018/06/28/Github-gentoo-org-hacked.html

Today 28 June at approximately 20:20 UTC unknown individuals have gained control of the Github Gentoo organization, and modified the content of repositories as well as pages there. We are still working to determine the exact extent and to regain control of the organization and its repositories. All Gentoo code hosted on github should for the moment be considered compromised.

This does NOT affect any code hosted on the Gentoo infrastructure. Since the master Gentoo ebuild repository is hosted on our own infrastructure and since Github is only a mirror for it, you are fine as long as you are using rsync or webrsync from gentoo.org.

Also, the gentoo-mirror repositories including metadata are hosted under a separate Github organization and likely not affected as well.

All Gentoo commits are signed, and you should verify the integrity of the signatures when using git.

File-Wiping Malware Placed Inside Gentoo Linux Code After GitHub Account Hack

MrPlow writes:

Submitted via IRC for BoyceMagooglyMonkey

An unknown hacker has temporarily taken control over the GitHub account of the Gentoo Linux organization and embedded malicious code inside the operating system's distributions that would delete user files.

Source: File-Wiping Malware Placed Inside Gentoo Linux Code After GitHub Account Hack

Original Submission #1Original Submission #2


  • (Score: 1) by DECbot on Friday June 29, @10:51PM (2 children)

    by DECbot (832) on Friday June 29, @10:51PM (#700424) Journal

    Why download compromised binaries when you can compile your own!?!

    cats~$ sudo chown -R us /home/base

    • (Score: 0) by Anonymous Coward on Friday June 29, @11:10PM (1 child)

      by Anonymous Coward on Friday June 29, @11:10PM (#700430)

      This is true. Malware for lesser distros and operating systems is compiled with

      -Os

      only gentoo gives you the power to

      -march %s -mtune % -O3 -funroll-all-loops -fexpensive-optimizations

      • (Score: 0) by Anonymous Coward on Friday June 29, @11:15PM

        by Anonymous Coward on Friday June 29, @11:15PM (#700432)

        Don't forget the all-important -Omg-optimize and -fomit-instructions to make your carcomputer go faster.

  • (Score: 0) by Anonymous Coward on Friday June 29, @11:01PM

    by Anonymous Coward on Friday June 29, @11:01PM (#700428)

    If any file wiping code comes along, I can just get a backup from Microsoft's "telemetry servers" at the NSA.

