After a week of wondering, Red Hat has confirmed that someone broke in and compromised their security. Although it doesn’t appear the attacker was able to retrieve the passphrase used to sign Fedora packages, the team is switching to new keys. In a separate intrusion, the attacker tampered with and signed OpenSSH packages for RHEL. While it’s good to get the full story, no one is happy about how long it took Red Hat to release these details.
[via Zero Day]
[photo: afsilva]
If you want to understand just how scary a break-in like this could be, check out Ken Thompson’s classic Turing Award paper, “Reflections on Trusting Trust”:
http://cm.bell-labs.com/who/ken/trust.html
It’ll send a chill down your spine…
In similar news, http://www.twitter.com got accounts phished on Sunday. I guess no site is safe.