Zero Day
Ryan Naraine and Dancho Danchev
Fedora infrastructure breach?
Ryan Naraine
Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.
Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.
Has there been a security breach in Red Hat Fedora’s infrastructure systems?
According to a cryptic announcement posted to the Fedora-Announce mailing list, the open-source group is investigating an unspecified “issue in the infrastructure systems” that has resulted in widespread service outages.
In the note, Fedora maintainers recommend that end users avoid downloading packages on Fedora systems, which strongly hints at a security-related problem:
- The Fedora Infrastructure team is currently investigating an issue in the infrastructure systems. That process may result in service outages, for which we apologize in advance. We’re still assessing the end-user impact of the situation, but as a precaution, we recommend you not download or update any additional packages on your Fedora systems.
A follow-up message posted over the weekend said the investigations were continuing but there are no details available on the cause of the problem.
Efforts to contact Red Hat Fedora maintainers have so far been unsuccessful. I will update this post as necessary.
Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.
Talkback: Most Recent of 10 Talkback(s)
- Denial isn't a river in Egypt
  Rather than deny anything, the Fedora team is just going to try to keep it under wraps. Wonder what OS their servers are running?
  NotMSUser, 08/18/2008 08:49 AM
- Updates seemed to be working last night
  But thanks for the heads up.
  John L. Ries, 08/18/2008 09:16 AM
- May or may not be related
  When I went to reboot the machine tonight, GRUB appeared to have been clobbered (all I got was the word "GRUB"). A reinstallation of GRUB (from the handy dandy install DVD) fixed the problem.
  John L. Ries, 08/18/2008 08:40 PM
- Yes, but those updates may be compromised.
  Updates of Fedora recently may be compromised by a cracker (hacker gone bad) so updates for Fedora are in question now. Make sure there is no unusual activities or network traffic on your system since you -may- and the key word is "may" download compromised software.
  phatkat, 08/19/2008 11:51 AM
- RE: Fedora infrastructure breach?
  Hopefully they didn't lose the information they'll need for a post-mortem and the reason for the downtime is forensics.
  npdavis@..., 08/18/2008 10:48 AM
- RE: Fedora infrastructure breach?
  I wonder what desktop Bill Gates is running.
  bbneo, 08/19/2008 10:43 AM
- This is the evidence that linux and open source are unsafe
  This is the evidence that linux and open source are unsafe
  qmlscycrajg (Edited: 08/20/2008 09:15 AM)
- what makes you think it is a security issue?
  There is nothing in the post from the Fedora team that suggests their problem is security related. They may have a problem with their hardware or their link to the Internet and want to reduce the load on their server while they get them going again. Ryan, I think you are jumping confusions...
  OzDot, 08/21/2008 09:35 PM
- this
  http://rhn.redhat.com/errata/RHSA-2008-0855.html
  "In connection with the incident, the intruder was able to sign a small number of OpenSSH packages relating only to Red Hat Enterprise Linux 4 (i386 and x86_64 architectures only) and Red Hat Enterprise Linux 5 (x86_64 architecture only). As a precautionary measure, we are releasing an updated version of these packages, and have published a list of the tampered packages and how to detect them at http://www.redhat.com/security/data/openssh-blacklist.html"
  Donald75, 08/22/2008 11:19 AM
- hindsight is 50/50
  This release from RH came out after my comment and after the blog entry was posted. At the time, there was nothing to suggest the problem was security related - at least nothing in the cited reference for the blog entry.
  OzDot, 08/27/2008 09:09 PM