Information Security Short Takes: Fedora Servers Compromised

Search shortinfosec
Most Popular Posts
Blogger of the Day
Favorite Links
Blog Archive
▼ 2009 (3)

January (3)

► 2008 (134)

December (5)

November (4)

October (3)

September (2)

August (20)

July (27)

June (25)

May (15)

April (18)

March (1)

February (4)

January (10)
Alexa Rank

Internet Security
Recent Posts
Categories
- Blog carnival (7)
- business continuity (6)
- competition (2)
- Computer security (17)
- Databases (1)
- disaster recovery (2)
- encryption (7)
- forensics (7)
- fraud (4)
- GPS (1)
- How To (22)
- Incident Management (3)
- information security (82)
- information strategy (55)
- Instant Messaging (2)
- Network security (11)
- penetration testing (15)
- Physical security (4)
- privacy (8)
- SLA (4)
- software development (13)
- Solution building (26)
- steganography (1)
- Templates (2)
- training and certification (1)
Linkreferral

Site Meter

BlogCommunities

Fedora Servers Compromised

According to this announcement from yesterday, Fedora servers were compromised.

Here is a scary part of the announcement:

One of the compromised Fedora servers was a system used for signing
Fedora packages

That particular server had very little to do with Internet, and should have been properly isolated, even on a completely separate network from Internet accessible servers.

So, the readers should be careful with the current Fedora distro and packages download and install. I would wait for the next official release.

This event goes to show that large companies, regardless of industry can make poor security choices. And because large companies with high profile are a great publicity target, these poor choices are easily found by hackers

Anyway, respect to RedHat for the announcement. A lot of companies will simply sweep such an event under the rug.

Related posts
Portrait of Hackers

Talkback and comments are most welcome