Red Hat confirms security breach
posted Aug 23rd 2008 3:30pm by Eliot Phillipsfiled under: security hacks
After a week of wondering, Red Hat has confirmed that someone broke in and compromised their security. Although It doesn’t appear the attacker was able to retrieve the passphrase used to sign Fedora packages, the team is switching to new keys. In a separate intrusion the attacker tampered with and signed OpenSSH packages for RHEL. While it’s good to get the full story, no one is happy how long it took Red Hat to release these details.
[via Zero Day]
[photo: afsilva]
If you want to understand just how scary a break-in like this could be, check out Ken Thompson’s classic Turing award paper, “Reflections on Trusting Trust”
http://cm.bell-labs.com/who/ken/trust.html
It’ll send a chill down your spine…
Posted at 4:39 pm on Aug 23rd, 2008 by J. Peterson