[svlug] kernel.org breach, four years later

Rick Moen rick at linuxmafia.com
Sat Nov 21 04:00:03 PST 2015


> And yeah, I'd call that embarrassing.  
> o  Making /dev/mem about to access _all memory_ was embarrassing.
                     ^^^^^ able
> o  Doing nothing about this ghastly error for _six years_ after
>    it became automatically exploitable was embarrassing.
> o  Not pulling power upon receipt of proof of root compromise was 
>    embarrassing.
> o  Not bothering to inform or protect the public for two 
>    additional days was embarrassing.
> o  Promising a forensics report, failing to deliver one for four
>    years, and leaving it to the likes of me to try to discover the
>    truth, is kind of sad and embarrassing.
> Some of those items are 100% certain; the rest are a pretty good guess
> on my part.

More information about the svlug mailing list