Full Disclosure mailing list archives
Re: Fedora confirms: Our servers were breached
From: "James Matthews" <nytrokiss () gmail com>
Date: Fri, 22 Aug 2008 11:44:48 -0700
Hmm....... RedHat's package signing key was used to sign trojaned OpenSSH packages. RedHat does not think these were distributed via the Red Hat Network auto-update service.

On Fri, Aug 22, 2008 at 10:37 AM, coderman <coderman () gmail com> wrote:
> On Fri, Aug 22, 2008 at 7:41 AM, Juha-Matti Laurio <juha-matti.laurio () netti fi> wrote:
>> ...
>> "One of the compromised Fedora servers was a system used for signing Fedora packages."
>
> deploying all new signing keys to every fedora install. this is akin to verisign deploying a new root.
>
> thanks for such a prompt update guys! (aug14 discovery to aug22 announce...)
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
-- http://www.goldwatches.com/