Slashdot Mirror

← Back to Stories (view on slashdot.org)

Red Hat, Fedora Servers Compromised

Posted by kdawson on Friday August 22, 2008 @02:04AM from the quick-action dept.

An anonymous reader writes "In an email sent to the fedora-announce mailing list, it has been revealed that both Fedora and Red Hat servers have been compromised. As a result Fedora is changing their package signing key. Red Hat has released a security advisory and a script to detect potentially compromised openssh packages."

1 of 278 comments (clear)

Min score:

Reason:

Sort:

Re:Nothing to see here. by calmond · 2008-08-22 03:05 · Score: 5, Interesting

What surprises me about this the most is that the system was connected to the network/Internet at all. I had always been of the understanding that to prevent this, the signing server was a stand-alone system accessible only by sneaker-net with physical media. You take your package on CD/DVD/USB key to the server, sign it, then take the signed package back via physical media and distribute it. One Federal Gov.t agency in my home town does this and the server is behind three locked doors too, with three different people needed to get physical access. Why didn't RedHat/Fedora do something like this? It really isn't that much of a pain in the ass when you think about it...