back to article Linux.org domain hacked, plastered with trolling, filth and anti-transgender vandalism

The Linux.org domain was hijacked on Friday morning, with the hacker plastering the message "G3T 0WNED L1NUX N3RDZ" complete with expletives and a very NSFW image (a hairy asshole). The real administrator of the site, Mike McLagan, immediately 'fessed up on Reddit, and said the vandal had managed to break into his partner's …

  1. Anonymous Coward
    Anonymous Coward

    Hopefully

    Hopefully the hacker will brag about the exploit while chatting up the cute next door neighbour only to discover the neighbour is a transgender ninja with anger management issues.

    1. Destroy All Monsters Silver badge
      Paris Hilton

      Re: Hopefully

      > chatting up the cute next door neighbour only to discover the neighbour is a transgender ninja

      I don't think you know how transgenderism works.

      Here's the real world:

      Transgender MMA Fighter Breaks Female Opponent’s Skull. Are we getting too “politically correct” with reality

      I’ve fought a lot of women and have never felt the strength that I felt in a fight as I did that night. I can’t answer whether it’s because she was born a man or not because I’m not a doctor. I can only say, I’ve never felt so overpowered ever in my life and I am an abnormally strong female in my own right… I still disagree with Fox fighting. Any other job or career I say have a go at it, but when it comes to a combat sport I think it just isn’t fair.

      1. Anonymous Coward
        Anonymous Coward

        Re: Hopefully

        I agree. Just like it's unfair when I play basketball and other players are taller than me, or when I do track, and some of the other guys are faster. Just not fair.

        1. Hollerithevo

          Re: Hopefully

          @AC, there's a reason we have featherweight, heavyweight, etc in boxing: because you can't put a small short fit fighter with a hugely tall, slab of muscle fit fighter. Small differences are fair. Enormous differences ae not fair. There's a photo of a girl's team onlinem with the girls all teenagers and about 5ft6in, and one bloke over 6ft. He identifies as female, and there he is on the team. First, as it were, amongst equals.

          1. Anonymous Coward
            Anonymous Coward

            Re: Hopefully

            You may be right but I can be a bit sceptical when I see the words "There's a photo of [...] online" to prove any sort of argument with no actual link or citation.

            For instance there's a photo showing the earth is flat online* so it proves my point that the earth is not roughly spherical.

            *Hey there actually is Flat Earth Online

      2. shawnfromnh

        Re: Hopefully

        I agree and I think they hacking it because of the CoC and the push to get an exagerated % of trans/gays/ and other groups they believe deserve to be hired when in Actuality Linus is the kind of boss Linux needs and people should be hired for skills not because of sexual or gender preference. If your dumb or unskilled/inexperienced I ask you stay away from Linux till you've screwed up enough to get smarted without disabling entire distros like an MS update.

        1. Doctor Syntax Silver badge

          Re: Hopefully

          "deserve to be hired when in Actuality Linus is the kind of boss Linux needs and people should be hired for skills"

          You clearly don't realise that Linus hires nobody. What he does is act as a gatekeeper for code submissions. Some of those submissions may come from people who have been hired, at least in part, to work on Linux. Some may come from people who are paid to work on other things. Search for "who writes Linux" to learn more.

          If you're able to get code accepted it means you're good enough whoever or whatever you are.

        2. Anonymous Coward
          Anonymous Coward

          Re: Hopefully

          what in the actual fuck are you talking about?

    2. bombastic bob Silver badge
      Meh

      Re: Hopefully

      " only to discover the neighbour is a transgender ninja with anger management issues police officer"

      I'd rather see the perpetrator take a trip through the criminal justice system. It's slower, public, and leaves a more 'lasting' impression upon others who might try and do something like this as a "me too".

    3. Paper
      Joke

      Re: Hopefully

      @Garymrrsn: Yeesh all the replies to your post - don't people get a joke anymore?

  2. Sorry that handle is already taken. Silver badge
    Trollface

    He was posting, he said, so Linux.org user would know "that the actual linux.org servers were untouched and no data was leaked."

    Hah!

  3. Anonymous Coward
    Anonymous Coward

    Windows vs Linux

    Well I suppose it was about time Windows hacks got a night off

    1. GnuTzu

      Re: Windows vs Linux

      I keep saying: Linux has been around and proliferated successfully enough to become a target. It's no longer just a patch Tuesday World.

  4. Gerhard Mack

    The real lesson is never use NetSol

    Seriously, WHY would anyone still have their stuff there? NetSol is notoriously easy to steal domains from and NetSol have argued in court that they have no responsibility for fixing the results of their own mistakes.

    1. Donn Bly

      Re: Ooooh...

      It may be easy to steal domains from them, but it is a real pain in the @ss to try to transfer any away from them. Sometimes it is easier just to pay their extortion fees for another year than spend the amount of time it takes.

      1. A.P. Veening Silver badge

        Re: Ooooh...

        "Sometimes it is easier just to pay their extortion fees for another year than spend the amount of time it takes."

        Easier maybe, smarter definitely not. And even if you do, the next year you have the same problem.

        1. Anonymous Coward
          Anonymous Coward

          Re: Ooooh...

          Easier maybe, smarter definitely not. And even if you do, the next year you have the same problem.

          Indeed, very true. But it sounds like that would encroach on their head-in-the-sand operating model.

    2. Voland's right hand Silver badge

      Re: The real lesson is never use NetSol

      Nope.

      The real lesson is not to have a webmail or SP account which can have the password recovered or redirected on your DNS registration without 2FA on it. Here the idiot (yes I mean it) had a webmail account on a service which is renowned for people managing to reset the passwords and nick them and he had no 2FA on it.

      If you value your domains use one of them to run mail infrastructure which is 100% your own and _YOU_ run the mail servers. Use that for authentication purposes. Overlay 2FA from the registrar if they provide it. Though frankly, just running your own mail infra for the "account" domain should be sufficient.

  5. Anonymous Coward
    Anonymous Coward

    Whoops

    It wasn't me, I would have directed it to Microsoft.

    1. Sorry that handle is already taken. Silver badge

      Re: Whoops

      That at least would have been cleverer

  6. This post has been deleted by its author

  7. FlamingDeath Silver badge

    Login box

    Are they presuming that the DNS change was done around the same time it was "plastered with trolling, filth and anti-transgender vandalism"

    Personally, if it were me, I would have created a clone of the website and captured login credentials

    Is anybody asking this question?

    1. katrinab Silver badge
      Flame

      Re: Login box

      You might think that, but TERFs are not the most intelligent people around.

      We have Sheila Jeffreys who thinks that trans women are not real women because they have smelly vaginas. Then we have Germaine Greer, a woman with a smelly vagina, who thinks that trans women are not real women because they don't have smelly vaginas.

      1. Hollerithevo

        Re: Login box

        @katrinab: is that what Jeffreys and Greer are saying? Do you think that sums up their arguments? TERFs aren't as intelligent as most people? Or just that they don't agree with the trans arguments? It would be better if each side didn't assume the other side were idiots or evil.

        1. Trixr

          Re: Login box

          To be honest, Jeffreys' and Greer's arguments don't substantially add up to much more than that. And yes, I've read both.

          What gets me is that so many people believe that trans people "choose" to transition for sh!ts and giggles. I will concede that a teeny tiny number of transpeople might identify as such for what might be called "attention-seeking behaviour". But honestly, I don't personally know anyone for whom that would be a motivation.

          I know many more transpeople who've had to deal with the cluelessness spouted by most people and the absolute bile from the likes of Jeffreys et al, and I can tell you that they have not found transitioning a fun activity by any stretch of the imagination. Nor dealing with whatever was going on in their life *before* finally figuring out they were trans. Most of them have had a very long tough road to get where they are, no matter where they've got to now in terms of a good life and success (or not). Even Caitlyn Jenner, who I have very little respect for, had a tough time.

          As for idiots thinking this is a modern phenomenon, there have been people dressing up as the "opposite sex" since recorded history. And earlier. There are plenty of cultures - even today - where there are "two-spirited" and "womanly men" and "manly women" genders. Some of it has been conflated with homosexuality, and some women's cross-dressing was about being able to get ahead in a man's world. But there have always been people who didn't feel like they belonged to their birth sex.

        2. Alistair
          Windows

          Re: Login box

          @Hollerithevo:

          " It would be better if each side didn't assume the other side were idiots or evil."

          With one line you've summed up the vast majority of all online trollfests. Kudos.

          It is the extremist responses and extremist assumptions that have resulted in a certain real estate con artist running the excited snakes, and the reactions of certain elements of the european population to changes in immigration, amongst so many other things.

  8. Skribblez

    Using Yahoo! mail for something important?

    Weren’t ALL the Yahoo! accounts compromised for ages? Even with changing your password, can you trust Yahoo! not to be compromised again/still?

    Seems to me that is a really weak link to have sitting out by itself without MFA, no?

    1. Anonymous Coward
      Anonymous Coward

      Re: Using Yahoo! mail for something important?

      If you're the owner of a web domain I'd expect you to be using an email account for that domain or paying for your own separate hosted domain with email, if not also hosting you own email server. Using a free internet email account is just asking for trouble. I still see tradesmen driving round in vans with things like 'bobsplumbing@freeserve.com' painted on them. There is no excuse.

      1. Da Weezil

        Re: Using Yahoo! mail for something important?

        I was once amazed to see a firm of (now defunct) West Wales Solicitors published email address as being @yahoo.com.

        That really does look professional

        1. John Brown (no body) Silver badge

          Re: Using Yahoo! mail for something important?

          To people outside the world of IT, using a well recognised email address is seen as good. Maybe not quite so much nowadays, but until fairly recently, only the big boys and geeks had domain addresses. I still see signed vans with @aol.co.uk on them too, although these days it tends to sole traders or very small businesses and they've been using that email address for many years. They may even have their own domain and website, but that email address is what everyone knows.

        2. To Mars in Man Bras!
          WTF?

          Re: Using Yahoo! mail for something important?

          I've lost count of the number of times I've seen companies whose website has a company domain name but whose company email addresses are @gmail, @yahoo, @aol, @btconnect.... etc. etc. I always wonder who they hired to setup their website that either didn't tell them or didn't know that, having the domain name, they could now use it for their email accounts too.

      2. Yet Another Anonymous coward Silver badge

        Re: Using Yahoo! mail for something important?

        >If you're the owner of a web domain I'd expect you to be using an email account for that domain

        Not necessarily for the technical contact address.

        It makes it a little tricky for the registrar to contact you if there is a problem with your domain

        1. doublelayer Silver badge

          Re: Using Yahoo! mail for something important?

          That's the difficulty with domains. In order to have email through one, you have to register it. In order to do that, you need an email address. So the only convenient way to do that is to get an address from someone else and use it to get your domain and then your other addresses. To some extent, you could use your new addresses to reserve future domains, but that could still result in an all-eggs-in-one-basket situation if your primary domain breaks.

          For example, I use my own domain for most email going to me, and that domain is backed up with a registrar account on a gmail address. I don't like that, and I'd rather have my own mailserver running that, but if something broke in my mailserver, registrar account, or domain, I'd be completely cut off. So gmail it is. If there is a way around this, I'm all ears.

      3. katrinab Silver badge

        Re: Using Yahoo! mail for something important?

        I use a hotmail account for my domain hosting, because if I have a problem with my domain, my proper email isn’t going to work.

      4. Doctor Syntax Silver badge

        Re: Using Yahoo! mail for something important?

        "If you're the owner of a web domain I'd expect you to be using an email account for that domain or paying for your own separate hosted domain with email"

        If a free gmail account is good enough for all those professional SEO "companies" that keep spamming me...

    2. FlamingDeath Silver badge

      Re: Using Yahoo! mail for something important?

      The hackers in the case of Yahoo, were balls deep for so long they were able to figure out how to forge their own cookies, so changing your password was pointless

      If you're a BT customer, chances are you have a BT yahoo! mail account

      I had to migrate every online account I had tied to that BT yahoo! address to Gmail

      Isn't outsourcing and giving up all responsibility a wonderful thing?

      I think the ICO fined Yahoo something like £0.50 per person affected in the UK

      What a pathetic punishment

      Why they didn't fine BT as well I do not know

    3. anatak

      Re: Using Yahoo! mail for something important?

      Here in Japan the cellphone providers are so nice to block all email from non japanese domains, making my email address from my own domain a bit useless. I receive email from potential customers but when replying i get the errot message that the email address doesn’t exist. Yahoo.co.jp addresses are of course accepted.

      1. Doctor Syntax Silver badge

        Re: Using Yahoo! mail for something important?

        "Here in Japan the cellphone providers are so nice to block all email from non japanese domains"

        So don't use your cellphone for email.

  9. Shadow Systems

    Follow the money.

    The article said the DNS was redirected to a CloudFlare account. To whom does that CF account belong? That's one Accessory you now have, so grab them & shake the next link in the chain out of them. Keep shaking until all the links are on the table & you can prosecute the entire lot of them.

    1. anatak

      Re: Follow the money.

      Who is going to pay for that prosecution? And do you think you ll get the culprits extradited if they are in a different jurisdiction (which is very likely)?

      1. katrinab Silver badge

        Re: Follow the money.

        They are TERFs so almost certainly in the UK.

    2. This post has been deleted by its author

    3. Jove Bronze badge

      Re: Follow the money.

      ... and what if the account was created using the partner's identity?

      They got access to one of her accounts, so you have to ask what else she gave away.

  10. John Brown (no body) Silver badge
    Unhappy

    A hijacking, not a hack

    The post is required, and must contain letters.

  11. itzman

    I cant believe that...

    someone would use a YAHOO mail account to admin a public domain.

    I can't actually believe that anyone who is in the business of IT would ever use a gmail or yahoo account anyway.

    1. doublelayer Silver badge

      Re: I cant believe that...

      What would you use? As I said above, you can't register a domain to use for mail until you already have an email to create the account, which means getting one from somewhere else. I send most of my email through my own domain, but I have to have the domain registration account through another one because the last thing I need is for my domain to break, requiring me to log in to an account that uses that domain in order to fix it. I'd rather not use gmail for this, but I don't see a better choice.

      So if we accept that a third party email service is required for this, which should we choose? I'm not accepting those companies that you pay for a mail account, because I've had enough of them fail. They change server settings, move your handler to a different one, or disconnect things. Then you end up in their customer support maze. No thanks. I have put some accounts like this on protonmail, but I am a bit concerned about trusting a service with something this important when that service relies on donations and doesn't really have a business behind it. If protonmail didn't get enough donations, I could not keep any of it alive. Say what you like about gmail, but at least I know that, if Google goes down, my domain problems are probably dwarfed by whatever took Google out. Google can't see my mail, because the domain mailserver handles that. They can't get malicious and log in for me because I have 2FA enabled and they don't know the password (and there is little likelihood that they would try anyway). So the major security problems with these mail services do not apply to my situation.

      If you have a better option, I'm open to trying it. So far, I have not found one.

  12. Anonymous Coward
    Anonymous Coward

    Coraline isn't a Linux dev.

  13. Donkey Molestor X

    Destroy All Mosnters: are you trying to justify hatred against trans persons and vandalism of a website because a transgender person beat somebody else up in an MMA fight?

    That is incredibly childish.

    If you are really committed to hatred of trans persons I urge you to put your money where your mouth is and dash your smartphone on the floor. After all, you wouldn't want to be any where near the ARM instruction architecture once you find out that Sophie Wilson, it's designer, was born Roger Wilson.

    1. Hollerithevo

      Nope

      No, it is not justifying hanfred against trans persons. Questioning the validity of the trans argument, but opposition does not equal hatred.

  14. andersenep

    if you think that's a hairy bum, you have lived a very sheltered life.

  15. Jeevels

    Yahoo account..? Now thats just lazy

    Are we looking passed the fact the most compromised email platform to date was still being used.

    This should be a heads up to anyone still using yahoo.

  16. Jove Bronze badge

    Partner's Affiliation to Linux.org

    Why would gaining access to his partner's account expose credentials to the Linux.org site?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like