Full Disclosure mailing list archives

Re: Fedora confirms: Our servers were breached

From: Dragos Ruiu <dr () kyx net>
Date: Fri, 22 Aug 2008 13:25:41 -0700


On 22-Aug-08, at 7:41 AM, Juha-Matti Laurio wrote:

New information about the "important infrastructure issue" affecting  
to Fedora Project has been released today.
Mr. Paul W. Frields, Fedora Project Leader has posted an  
announcement about the facts, including:
"One of the compromised Fedora servers was a system used for signing  
Fedora packages."
More information available at
https://www.redhat.com/archives/fedora-announce-list/2008-August/msg00012.html
and
http://blogs.securiteam.com/index.php/archives/1130


It's ok, only a small number of architectures were affected:

http://rhn.redhat.com/errata/RHSA-2008-0855.html

You only have something to worry about if you have some x86 boxes. :-)

cheers,
--dr

--
World Security Pros. Cutting Edge Training, Tools, and Techniques
Buenos Aires, Argentina   Sept. 30 / Oct. 1 - 2008    http://ba-con.com.ar
Tokyo, Japan  November 12/13 2008  http://pacsec.jp
Vancouver, Canada  March 16-20 2009  http://cansecwest.com
pgpkey http://dragos.com/ kyxpgp

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Fedora confirms: Our servers were breached Juha-Matti Laurio (Aug 22)
- Re: Fedora confirms: Our servers were breached coderman (Aug 22)
  - Re: Fedora confirms: Our servers were breached James Matthews (Aug 22)
- Re: Fedora confirms: Our servers were breached Jerome Benoit (Aug 22)
- Re: Fedora confirms: Our servers were breached Dragos Ruiu (Aug 22)
  - Re: Fedora confirms: Our servers were breached William McAfee (Aug 22)