Newsletters Welcome, Guest Log In | Register
News:

Security

< Previous | Next >

Subscribe

Sign up now and get the best business technology insights direct to your inbox.

  • Daily Edge
  • CTO Edge Update
  • Business Tools & Templates
  • Aligning IT & Business Goals
  • Maximizing IT Investments

0

Red Hat Reveals Details on Fedora Intrusion

Posted by Kara Reeder Mar 31, 2009 9:20:17 AM

Last August, Red Hat admitted that hackers accessed infrastructure servers belonging to the company and the Fedora Project. Now after a six-month investigation, Red Hat is revealing exactly what happened.

 

According to internetnews.com blogger Sean Michael Kerner, the attacker was able to get hold of an SSH key that belonged to a Fedora administrator that wasn't properly secured. The intruder used the key to build modified versions of openssh and rpm. But Red Hat says good news is that

"... the investigation supports the conclusion that the modified packages were discovered before anyone accessed the system to sign any packages using the modified RPM package."

Red Hat Fedora Project Leader Paul Frields reiterates,

"... our analysis supports our initial findings that the Fedora Project infrastructure delivered no software compromised by the intruder to any of its mirrors, or the master repository from which they synchronize content. Our investigation also shows that the intrusion affected only a few internal Fedora infrastructure servers. Most of the mitigation work done by the Fedora Infrastructure team was precautionary, and allows us to have higher confidence in our present and future work."

Related Content

Add a comment Leave a comment on this blog post.

There are no comments on this post

Premium Tools

Browse

IT Security Manual Template

Immediately download a customizable set of documents and templates that covers every aspect of IT Security. These templates are compliant with ISO27000, HIPPAA and Sarbanes oxley standards.

Learn more >

The IT Governance and Compliance Toolkit

This Toolkit is a collection of templates and instructional documents that help you assess and establish the crucial policies that you need to operate a secure and compliant IT organization.

Learn more >

Related Content

Browse

Topic: Network Security

Protect and preserve your network, your data and the life of your business

Blog: Communicating E-Commerce Security Efforts with Consumers

Article: NSF Problem Proves Basic Content Filtering No Longer Enough

White Paper: Bullet-Proofing Instant Messaging

Related Topics

Intrusion-Prevention Systems, Red Hat

Featured White Papers

Browse

Should You Install Messaging Security Software on Your Exchange Server?

This white paper discusses the detailed results of an Osterman Research survey on messaging security software and conclusions about administrators' attitudes regarding installing third-party software on the Exchange server.

Web Security SaaS: The Next Generation of Web Security

This white paper describes the next generation of Web security and identifies the critical elements that make for lower-cost and easier-to-manage Web security solutions.

Resource Centers

Browse

Data Loss Protection

Data-loss prevention tactics, technologies and best practices to protect your sensitive and valuable company data.

Featured Whitepapers

Realizing Enhanced Productivity and Timely ROI from Your DLP Security Technology

Security Information and Event Management

Best practices, strategies and technologies to help you use security information and event log management efficiently and effectively in order to get business value in terms of increased security, reduced risk, regulatory compliance and increased business agility.

Featured Whitepapers

The Top Ten Insider Threats and How to Prevent Them

Security SaaS Solutions

Hosted security solutions that not only protect your data, but reduce your security management TCO, as well.

Featured Whitepapers

Why Security SaaS Makes Sense Today