Star Red Hat, Fedora Servers Infiltrated By Attackers
Linked by Adam S on Tue 26th Aug 2008 12:29 UTC, submitted by Hakime
Red Hat Linux distributor Red Hat has issued a statement (Ed: via their errata) revealing that its servers were illegally infiltrated by unknown intruders. According to the company, internal audits have confirmed that the integrity of the Red Hat Network software deployment system was not compromised. The community-driven Fedora project, which is sponsored by Red Hat, also fell victim to a similar attack. More news is available around the web.
E-mail Print r 2   8 Comment(s) http://osne.ws/flj
Order by: Score:
Add Comment Post a Comment

Not entirely accurate
by slight on Tue 26th Aug 2008 14:07 UTC
slight
Member since:
2006-09-10

Their package signing key was compromised and the intruders managed to get some OpenSSH packages signed. Combined with DNS poisoning this could be nasty.

Reply Bookmark Score: 3

RE: Not entirely accurate
by TechGeek on Tue 26th Aug 2008 14:59 UTC in reply to "Not entirely accurate"
TechGeek Member since:
2006-01-14

It could have been bad if they had not caught it. But it is pretty easily fixed as they just issue a point release with a new key and will overwrite the older version if you happened to get it. Doesnt look like too many people actually downloaded it though.

Reply Bookmark Score: 2

RE[2]: Not entirely accurate
by flanque on Tue 26th Aug 2008 22:10 UTC in reply to "RE: Not entirely accurate"
flanque Member since:
2005-12-15

I think the point is that it should never of happened.

Prevention is always better than cure.

Reply Bookmark Score: 3

RE: Not entirely accurate
by Znark on Tue 26th Aug 2008 16:31 UTC in reply to "Not entirely accurate"
Znark Member since:
2006-01-09

Actually, there were two separate attacks (although probably related) on the Red Hat and Fedora infrastructure servers. The Red Hat attacker was able to sign some openssh packages. My impression is that the intrusion was detected before the packages were pushed to users. But they did not compromise the private key since it is in a hardware device.

The Fedora attacker was not able to sign any packages but did potentially compromise the signing key so they generated a new one. In both cases, they shut down the update service until everything was fixed. They also forced all the Fedora contributors to generate new certificates and upload new SSH keys.

Reply Bookmark Score: 1

Is pretty accurate
by libray on Tue 26th Aug 2008 15:17 UTC
libray
Member since:
2005-08-27

"Last week Red Hat detected an intrusion on certain of its computer systems and took immediate action."

"the intruder was able to sign a small
number of OpenSSH packages"

If an outsider is able to gain Redhat's signing authority, then there is something wrong about how and where such critical data is stored there. Redhat also mixes in a separate security fix in this errata to make the break in and internal problem seem trivial.

Reply Bookmark Score: 1

Proven
by SlackerJack on Tue 26th Aug 2008 16:39 UTC
SlackerJack
Member since:
2005-11-12

People were saying that Linux dont get attacked because of market share percentage. Seems they are doing just for the hell of it, linux Mint go his to as well recently.

I think this testes the state of Linux repos and key system since it's pretty much very minor for their users. Disruption would be for the distro users only, not the whole linux community.

Reply Bookmark Score: 2

RE: Proven
by VistaUser on Tue 26th Aug 2008 16:49 UTC in reply to "Proven"
VistaUser Member since:
2008-03-08

The obscurity only applies to the desktop as I would suspect that the majority of webservers run Linux.

Also, we do not have all the details yet. All it could be is a (now ex) disgruntled employee who had authorisation to work in these departments.

Or it could be that a person who had authority had its account hijacked.

Or it could be something else entirely.

Reply Bookmark Score: 1

hacker
by 2501 on Tue 26th Aug 2008 22:25 UTC
2501
Member since:
2005-07-14

I guess the hacker was good at it. Redhat should hire him.

Reply Bookmark Score: 1

Add Comment Post a Comment