Linux experts are crap at passwords! | Tech Security

Remember the Gentoo data breach story last week?

Someone broke into the Linux distro’s GitHub repository, took it over completely by kicking out all the Gentoo developers, infected the source code by implanting malicious commands (rm -rf) all over the place, added a racist slur, and generally brought a week of woe to the world of Gentoo.

In case you’re wondering, rm -rf is Unix/Linux system command language for remove files (rm) recursively (-r), which means “including any subdirectories”, and forcibly (-f), which means that the user won’t see any warnings or prompts. The Windows equivalent is DEL /S /F /Q, a command you often regret almost immediately after you hit [Enter].

Fortunately, Gentoo’s GitHub repository wasn’t the primary source for Gentoo code, and few, if any, Gentoo users were relying on it for software updates.

Phew.

Other good news is that the stolen GitHub account is back under Gentoo’s control now; the hacked files have all been identified and removed; and Gentoo has learned (and, at the same time, taught the rest of us) three main lessons.