Infrastructure report, 2008-08-22 UTC 1200 [RedHat pwnd]
Posted on 08/22/2008 7:29:29 AM PDT by Doohickey
Last week we discovered that some Fedora servers were illegally accessed. The intrusion into the servers was quickly discovered, and the servers were taken offline.
Security specialists and administrators have been working since then to analyze the intrusion and the extent of the compromise as well as reinstall Fedora systems. We are using the requisite outages as an opportunity to do other upgrades for the sake of functionality as well as security. Work is ongoing, so please be patient. Anyone with pertinent information relating to this event is asked to contact fedora-legal redhat com
One of the compromised Fedora servers was a system used for signing Fedora packages. However, based on our efforts, we have high confidence that the intruder was not able to capture the passphrase used to secure the Fedora package signing key. Based on our review to date, the passphrase was not used during the time of the intrusion on the system and the passphrase is not stored on any of the Fedora servers.
(Excerpt) Read more at redhat.com ...
“Treat every gun as loaded and no computer as secure”
“Feel good about the validity of your RH package signatures.”
It should be pointed out that this issue revolves around Fedora, the “hobbyist” version of Red Hat Linux.
Red Hat Enterprise Linux was apparently unaffected.
Yes, every computer is insecure and all guns are always loaded. (It's the "as if" that gets you.)