
Gentoo GitHub Organization hacked - ryanlol
https://archives.gentoo.org/gentoo-announce/message/dc23d48d2258e1ed91599a8091167002
======
Crontab
What kind of a dick would do this to Gentoo, who makes everything available to
everyone? I don't understand the world sometimes.

~~~
21
Someone who wants to steal crypto for example. Being able to inject a crypto
stealer in a major distribution surely motivates a lot of people to try.

~~~
kchr
Someone with such long term goals would most likely not do it as noisy and
destructive as this attack seems to be (delete all files, rename the GitHub
org, etc.).

------
contingencies
I am a long term Gentoo user, but honestly I feel Gentoo's security stance is
pretty bad, for example
[https://bugs.gentoo.org/show_bug.cgi?id=597804](https://bugs.gentoo.org/show_bug.cgi?id=597804)

Their high friction contribution process with essentially requisite
'accredited developer' status is a major contributing factor.

Edit: Hah! Posting here got the bug updated within 10 minutes :)

~~~
tyil
Have you considered Funtoo yet? It's a fork of Gentoo, led by the creator of
Gentoo.

------
boudin
Seems that the person replaced ebuilds in portage with versions that are
supposed to delete all files but that don't actually work.
[https://archives.gentoo.org/gentoo-dev/message/03df77a347ec7...](https://archives.gentoo.org/gentoo-dev/message/03df77a347ec75a9b1ceaab3a2f76ee8)

------
xiii1408
What was the modified version of the GitHub page?? Looks like it was taken
down before I could get there.

Crossing my fingers they added jokes about Stallman and _muh freedums_.

~~~
kayfox
The title read: Linux For N____es

The N word being _that_ N word.

The logo was also changed to something that implied watermelon eating.

~~~
swebs
Is "negroes" supposed to be a super offensive word now?

~~~
kchr
You don't get to decide what words are offensive for some people unless you
are part of the subject group of said people. Anything would be a
misunderstanding of the word "offensive".

~~~
kchr
*Anything else

------
mistrial9
side note -- there is another FOSS org that was repeatedly, specifically
attacked around the end of 2015, but they chose not to publicize it.. made
worse because the volunteer community around the server admin was immediately
far outside their comfort zone to implement fixes and recovery. The MediaWiki
instance as well as raw servers were affected. No discussion in public about
likely perpetrators. but what can you say ? How can you prove it? Commercial
vendor rivals, nation-state actors, mean junkies, all of the above? Harsh and
UN-necessary .. everything was volunteer and above-board at the FOSS group,
just too valuable ?

~~~
mchristen
You can't just tell that story w/o namedropping....

~~~
jooV1Bei
Probably talking about FSF.

Employees of backconnect.com including Tucker Preston and Marshall Webb DDoSed
them for a while to land them as clients for their DDoS protection service.

[https://krebsonsecurity.com/2016/09/ddos-mitigation-firm-has...](https://krebsonsecurity.com/2016/09/ddos-mitigation-firm-has-history-of-hijacks/) (ctrl-f FSF)

------
spork12
Was probably opal

~~~
EFruit
Who is opal?

~~~
ryanlol
Famous IRC artist.

~~~
ronsor
yeah you don't want opal on your IRC network

~~~
mschuster91
> yeah you don't want opal on your IRC network

One of these "DCC 0 0 0" spammers getting people with crappy firewall
middleboxes disconnected?

~~~
badrabbit
No, a PM/channel troll & spammer. But his persistence and discipline really
merit the title of an artist.

~~~
JeremyBanks
Don’t glorify misbehaviour.

------
Bromskloss
What changes were made?

~~~
kchr
Apparently the GitHub organization title and logo were changed, along with a
couple of packages edited to contain scripts that were supposed to erase all
files on user computers.

The GitHub repos are just backups of the main package archives, so it would
only affect users manually downloading packages from there (which is not the
case if you haven't explicitly changed your system config to use those repos
for some reason).

------
k_sze
Wait... did they not use 2FA?!

------
rablo
Dammit... l0de can’t keep getting away with it. I recommend you call him
during his radio hour.

~~~
raziel2p
Who is l0de? Are you implying they are the ones who did this?

~~~
neur0h
l0de doesn't actually do anything except smoke meth and live off donations from
his sycophant army on Efnet. It was probably one of his followers/listeners
though because this had been announced weeks before on his radio show.

