Fedora Infrastructure Compromised

Posted by CmdrTaco on Tuesday January 25, 2011 @06:12AM from the hate-when-that-happens dept.

Trailrunner7 writes "The infrastructure of the Fedora Project was compromised over the weekend and an account belonging to a Fedora contributor was taken over by an attacker. However, Fedora officials said they don't believe that the attacker was able to push any changes to the Fedora package system or make any actual changes to the infrastructure. The attack appears to have targeted one specific user account, which had some high-value privileges. The attacker was able to compromise the account externally, and then had the ability to connect remotely to some Fedora systems. The attacker also changed the account's SSH key, Fedora officials said."

4 of 115 comments (clear)

Min score:

Reason:

Sort:

Re:Believe? by syntap · 2011-01-25 06:17 · Score: 4, Insightful

Logs can be faked. How about a bitwise comparison to the known-good package system?
Re:Yay, Open Source! by wagnerrp · 2011-01-25 06:19 · Score: 3, Insightful

No, they have to Virtual Desktop in.
Re:Yay, Open Source! by oodaloop · 2011-01-25 06:22 · Score: 2, Insightful

And what, interject some bad code? How would anyone know?

--
Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
Re:This never would have happened... by 0123456 · 2011-01-25 06:48 · Score: 3, Insightful

P.S. Of course if they were serious about security in the first place they wouldn't even allow logins with passwords and would require public key authentication instead.