http://www.osnews.com/story/20215/Red_Hat_Fedora_Servers_Infiltrated_By_Attackers Exploring the Future of Computing en-us Copyright 2001-2009, David Adams adam+nospam@osnews.com Mon, 09 Nov 2009 06:20:20 GMT http://www.osnews.com/images/osnews.gif http://www.osnews.com http://osnews.com/thread?327944 http://osnews.com/thread?327944 Their package signing key was compromised and the intruders managed to get some OpenSSH packages signed. Combined with DNS poisoning this could be nasty. Tue, 26 Aug 2008 14:07:00 GMT donotreply@osnews.com (slight) Comments http://osnews.com/thread?327957 http://osnews.com/thread?327957 It could have been bad if they had not caught it. But it is pretty easily fixed as they just issue a point release with a new key and will overwrite the older version if you happened to get it. Doesnt look like too many people actually downloaded it though. Tue, 26 Aug 2008 14:59:00 GMT donotreply@osnews.com (TechGeek) Comments http://osnews.com/thread?327961 http://osnews.com/thread?327961 "Last week Red Hat detected an intrusion on certain of its computer systems and took immediate action."

"the intruder was able to sign a small
number of OpenSSH packages"

If an outsider is able to gain Redhat's signing authority, then there is something wrong about how and where such critical data is stored there. Redhat also mixes in a separate security fix in this errata to make the break in and internal problem seem trivial. Tue, 26 Aug 2008 15:17:00 GMT donotreply@osnews.com (libray) Comments http://osnews.com/thread?327980 http://osnews.com/thread?327980 Actually, there were two separate attacks (although probably related) on the Red Hat and Fedora infrastructure servers. The Red Hat attacker was able to sign some openssh packages. My impression is that the intrusion was detected before the packages were pushed to users. But they did not compromise the private key since it is in a hardware device.

The Fedora attacker was not able to sign any packages but did potentially compromise the signing key so they generated a new one. In both cases, they shut down the update service until everything was fixed. They also forced all the Fedora contributors to generate new certificates and upload new SSH keys. Tue, 26 Aug 2008 16:31:00 GMT donotreply@osnews.com (Znark) Comments http://osnews.com/thread?327983 http://osnews.com/thread?327983 People were saying that Linux dont get attacked because of market share percentage. Seems they are doing just for the hell of it, linux Mint go his to as well recently.

I think this testes the state of Linux repos and key system since it's pretty much very minor for their users. Disruption would be for the distro users only, not the whole linux community. Tue, 26 Aug 2008 16:39:00 GMT donotreply@osnews.com (SlackerJack) Comments http://osnews.com/thread?327986 http://osnews.com/thread?327986 The obscurity only applies to the desktop as I would suspect that the majority of webservers run Linux.

Also, we do not have all the details yet. All it could be is a (now ex) disgruntled employee who had authorisation to work in these departments.

Or it could be that a person who had authority had its account hijacked.

Or it could be something else entirely. Tue, 26 Aug 2008 16:49:00 GMT donotreply@osnews.com (VistaUser) Comments http://osnews.com/thread?328050 http://osnews.com/thread?328050 I think the point is that it should never of happened.

Prevention is always better than cure. Tue, 26 Aug 2008 22:10:00 GMT donotreply@osnews.com (flanque) Comments http://osnews.com/thread?328054 http://osnews.com/thread?328054 I guess the hacker was good at it. Redhat should hire him. Tue, 26 Aug 2008 22:25:00 GMT donotreply@osnews.com (2501) Comments