SD TIMES BLOG
ahandy

Hackers, hackers everywhere

by Alex Handy 09/07/2011 03:07 PM EST

Despite the multitude of corporate conferences this time of year, it's been hackers that have held the headlines for the past week. First, Kernel.org was hacked. Then, an enterprising young hacker stole security certificates from a European firm. Fortunately, the Kernel.org intrusion seems to have been almost unintentional, with the forensics team coming away under the impression that the hackers there did not actually know what machine they'd compromised. Had they been more aware, they could have executed hidden edits to the Linux kernel (though Git does make that almost impossible), snatched tons of passwords from top-level Linux contributors, and generally wreaked havoc on the Linux community. Fortunately, that hasn't happened yet, and the hackers in question seemed more concerned with turning Kernel.org into a zombie for later pass-through use. They went right for SSH as soon as they got onto the box, after all.

From the Kernel hack report on Kernel.org:

What happened?

  • Intruders gained root access on the server Hera. We believe they may have gained this access via a compromised user credential; how they managed to exploit that to root access is currently unknown and is being investigated.
  • Files belonging to ssh (openssh, openssh-server and openssh-clients) were modified and running live.
  • A trojan startup file was added to the system start up scripts
  • User interactions were logged, as well as some exploit code. We have retained this for now.
  • Trojan initially discovered due to the Xnest /dev/mem error message w/o Xnest installed; have been seen on other systems. It is unclear if systems that exhibit this message are susceptible, compromised or not. If developers see this, and you don't have Xnest installed, please investigate.
  • It *appears* that 3.1-rc2 might have blocked the exploit injector, we don't know if this is intentional or a side effect of another bugfix or change.

What Has Been Done so far:

  • We have currently taken boxes off line to do a backup and are in the process of doing complete reinstalls.
  • We have notified authorities in the United States and in Europe to assist with the investigation
  • We will be doing a full reinstall on all boxes on kernel.org
  • We are in the process of doing an analysis on the code within git, and the tarballs to confirm that nothing has been modified

The second big hack this past week was the break-in at DigiNotar. Security certificates are definitely high-priority targets for expert hackers. With a stolen cert, anyone in the world can pretend to be Bank of America, or even the CIA. It would seem the hacker in this case also handed off some of these certs to contacts inside Iran. The hacker in question, who goes by the name Comodohacker, responded today, via PasteBin, to the numerous news stories and reported misinformation about him.

In broken English, he essentially self-aggrandizes, and brags about the skill required to perform the hack. He also points out that, even though he's only 21 years old, he's just caused an international security incident. And he's right.

Share this link: http://www.sdtimes.com/blog/1838
