funsec mailing list archives
Re: Fedora confirms: Our servers were breached
From: Valdis.Kletnieks () vt edu
Date: Fri, 22 Aug 2008 12:54:13 -0400
On Fri, 22 Aug 2008 12:25:38 EDT, Larry Seltzer said:
Yes, the fact that Fedora isn't RHEL.
OK, thanks, I see that. Let me get something straight here:
... the intruder was able to sign a small number of OpenSSH packages relating only to Red Hat Enterprise Linux ...
So the suspicion is that the intruder inserted malicious code (or maybe the Debian random number generator?) into the packages and signed them?
I have no news as to what was in the backdoored packages.
Is anyone else as appalled by this as I am? Has there been such a compromise of a major OS before?
I guess you missed when the machine windowsupdate.microsoft.com got pwned by CodeRed a few years ago.. ;)
You also probably missed when the openssh and sendmail servers got hacked a few years ago, both had trojan'ed tarballs dropped in that would do an "ET Phone home" when the sysadmin built the kit (*not* when it ran). In neither case did the attacker manage to PGP-sign the tarballs, but few people checked.
One could also argue that *way* back when Karger & Schell did their pen-test analysis of Multics, that Multics was a major OS at the time...
In other words: "This kind of shit happens all the time". ;)
I also have to say that this is the first I've heard that RH and/or Fedora sign their distribution packages. Is this common among Linux distros?
I don't know about Debian, but Ubuntu apparently does:
% gpg --list-keys --keyring /etc/apt/trusted.gpg
/etc/apt/trusted.gpg
--------------------
pub   1024D/437D05B5 2004-09-12
uid                  Ubuntu Archive Automatic Signing Key <ftpmaster () ubuntu com>
sub   2048g/79164387 2004-09-12
pub   1024D/FBB75451 2004-12-30
uid                  Ubuntu CD Image Automatic Signing Key <cdimage () ubuntu com>
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.