Gentoo has laid out the cause and impact of an attack that saw the Linux distribution locked out of its GitHub organisation.
The attack took place on June 28, and saw Gentoo unable to use GitHub for approximately five days.
Due a lack of two-factor authentication, once the attacker guessed an admin's password, the organisation was in trouble.
"The attacker gained access to a password of an organisation administrator. Evidence collected suggests a password scheme where disclosure on one site made it easy to guess passwords for unrelated web pages," the incident report said.
Gentoo now has a requirement for two-factor authentication to join its GitHub organisation.
Once the attacker gained access, Gentoo said it was lucky that the attack was loud and removing all other developers caused them to be emailed, and that a quieter attacker could have lurked for longer. The report added that by force pushing commits that attempted to remove all files, the attacker made "downstream consumption more conspicuous".
The report said Gentoo maintains its own infrastructure, and only uses GitHub to be closer to contributors.
"We do not believe the private keys of the account impacted were at risk, and so the Gentoo-hosted infrastructure was not impacted by this incident," the report said.
According to logs, a number of GitHub accounts were probing for nearly 20 days in the lead-up to the attack.
Ebuilds were replaced by attacker with ones intended to delete every file, which thankfully failed to work as intended.
Are you a Windows power-user? You can get and install Linux Mint running on your PC -- either to try it out or as a replacement for Windows.
The oldest Linux business, SUSE, is changing hands.
Raspberry Pi Foundation is hungry for beginners to try out its device, hence a new setup wizard and app store.
Google is joining The Linux Foundation as a Platinum member. Google executive Sarah Novotny will become a Linux Foundation board member.
The difference between Linux hard and soft links (TechRepublic)
Jack Wallen explains the difference between Linux symbolic and regular links in terms that anyone can understand.