Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Infrastructure report, 2008-08-22 UTC 1200 [RedHat pwnd]
Fedora Announce List ^ | 22 Aug 2008 | Paul W. Frields

Posted on 08/22/2008 7:29:29 AM PDT by Doohickey

Last week we discovered that some Fedora servers were illegally accessed. The intrusion into the servers was quickly discovered, and the servers were taken offline.

Security specialists and administrators have been working since then to analyze the intrusion and the extent of the compromise as well as reinstall Fedora systems. We are using the requisite outages as an opportunity to do other upgrades for the sake of functionality as well as security. Work is ongoing, so please be patient. Anyone with pertinent information relating to this event is asked to contact fedora-legal redhat com

One of the compromised Fedora servers was a system used for signing Fedora packages. However, based on our efforts, we have high confidence that the intruder was not able to capture the passphrase used to secure the Fedora package signing key. Based on our review to date, the passphrase was not used during the time of the intrusion on the system and the passphrase is not stored on any of the Fedora servers.

(Excerpt) Read more at redhat.com ...


TOPICS: Technical
KEYWORDS: hack; tech
Feel good about the validity of your RH package signatures.
1 posted on 08/22/2008 7:29:29 AM PDT by Doohickey
[ Post Reply | Private Reply | View Replies]

To: Doohickey

“Treat every gun as loaded and no computer as secure”


2 posted on 08/22/2008 7:41:56 AM PDT by Psycho_Bunny (Islam: Imagine a clown car.........with guns.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Doohickey

“Feel good about the validity of your RH package signatures.”

It should be pointed out that this issue revolves around Fedora, the “hobbyist” version of Red Hat Linux.

Red Hat Enterprise Linux was apparently unaffected.


3 posted on 08/22/2008 8:05:20 AM PDT by PreciousLiberty
[ Post Reply | Private Reply | To 1 | View Replies]

To: Psycho_Bunny
“Treat every gun as loaded and no computer as secure”

Yes, every computer is insecure and all guns are always loaded. (It's the "as if" that gets you.)

4 posted on 08/22/2008 3:15:44 PM PDT by Mediocrates
[ Post Reply | Private Reply | To 2 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson