What Went Wrong in the Gentoo Linux Hack

by Developer.com Staff

The attack on the GitHub repository could have been much worse.

The developers behind the Gentoo distribution of Linux have revealed more details about how their GitHub repository got hacked last week. According to the team, "The attacker gained access to a password of an organization administrator. Evidence collected suggests a password scheme where disclosure on one site made it easy to guess passwords for unrelated webpages."

Luckily, the attacker took actions that were immediately noticed. "Given the credential taken, its likely a quieter attack would have provided a longer opportunity window," the developers said.

To prevent future attacks of this nature, the team is adopting two-factor authentication and implementing a policy that requires developers to use a password manager.

View article

This article was originally published on Friday Jul 6th 2018
Mobile Site | Full Site