Hello, guys I'm sorry if this list is not the right place to post this question but I can't figure a better place. As a Fedora ambassador (in Brazil) I've been asked by a lot of people about the recent invasion in our servers. The question I've been asked yesterday was “how it happened?” I'd like to explain here exactly what happened to make our users more comfortable and confident. Please excuse my bad english.
Thanks
Henrique "LonelySpooky" Junior ________________________________ "In a world without walls and fences, who needs windows and gates?!"
Novos endereços, o Yahoo! que você conhece. Crie um email novo com a sua cara @ymail.com ou @rocketmail.com. http://br.new.mail.yahoo.com/addresses
On Fri, 2008-09-12 at 09:40 -0700, Henrique Junior wrote:
Hello, guys I'm sorry if this list is not the right place to post this question but I can't figure a better place. As a Fedora ambassador (in Brazil) I've been asked by a lot of people about the recent invasion in our servers. The question I've been asked yesterday was “how it happened?” I'd like to explain here exactly what happened to make our users more comfortable and confident. Please excuse my bad english.
Hello Henrique. You can refer to the following announcement for the most recent update: http://www.redhat.com/archives/fedora-announce-list/2008-August/msg00012.htm...
This is an ongoing investigation, and we'll provide another update as soon as more information is available.
aparentemente foi causado por uma falha no ssh, onde o atacante conseguiu assinar alguns pacotes com as chave's do fedora.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752
http://lists.centos.org/pipermail/centos-announce/2008-August/015195.html
http://rhn.redhat.com/errata/RHSA-2008-0855.html
http://www.redhat.com/security/data/openssh-blacklist.html
On 9/12/2008 1:40 PM, Henrique Junior wrote:
Hello, guys I'm sorry if this list is not the right place to post this question but I can't figure a better place. As a Fedora ambassador (in Brazil) I've been asked by a lot of people about the recent invasion in our servers. The question I've been asked yesterday was “how it happened?” I'd like to explain here exactly what happened to make our users more comfortable and confident. Please excuse my bad english.
Thanks
Henrique "LonelySpooky" Junior ________________________________ "In a world without walls and fences, who needs windows and gates?!"
Novos endereços, o Yahoo! que você conhece. Crie um email novo com a sua cara @ymail.com ou @rocketmail.com.
http://br.new.mail.yahoo.com/addresses
Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Ola The update came because it seems that 'atacker' was able to sign some openssh packages. This update, as stated is provided just in case there is someone not using RHN to get updated packages. Customers using RHN to get updates were not afected. The errata also states that there's an ongoing investigation.
Regards Pablo
El lun, 15-09-2008 a las 19:19 -0300, Itamar - IspBrasil escribió:
aparentemente foi causado por uma falha no ssh, onde o atacante conseguiu assinar alguns pacotes com as chave's do fedora.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752
http://lists.centos.org/pipermail/centos-announce/2008-August/015195.html
http://rhn.redhat.com/errata/RHSA-2008-0855.html
http://www.redhat.com/security/data/openssh-blacklist.html
On 9/12/2008 1:40 PM, Henrique Junior wrote:
Hello, guys I'm sorry if this list is not the right place to post this question but I can't figure a better place. As a Fedora ambassador (in Brazil) I've been asked by a lot of people about the recent invasion in our servers. The question I've been asked yesterday was “how it happened?” I'd like to explain here exactly what happened to make our users more comfortable and confident. Please excuse my bad english.
Thanks
Henrique "LonelySpooky" Junior ________________________________ "In a world without walls and fences, who needs windows and gates?!"
Novos endereços, o Yahoo! que você conhece. Crie um email novo com a sua cara @ymail.com ou @rocketmail.com.
http://br.new.mail.yahoo.com/addresses
Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
ele esta dizendo que o atacante conseguiu assinar alguns pacotes do ssh, se estes pacotes fossem colocados na internet em algum mirror qualquer e alguem fizesse um update e instalasse um destes pacotes a maquina estaria hackeada.
:-)
On 9/16/2008 7:39 AM, Pablo Iranzo Gómez wrote:
Ola The update came because it seems that 'atacker' was able to sign some openssh packages. This update, as stated is provided just in case there is someone not using RHN to get updated packages. Customers using RHN to get updates were not afected. The errata also states that there's an ongoing investigation.
Regards Pablo
Yes, but not that they 'attacked' Fedora infrastructure using a 'ssh package' signed... there's still no info on how and who ;), just 'what' :)
Regards Pablo
El mar, 16-09-2008 a las 07:48 -0300, Itamar - IspBrasil escribió:
ele esta dizendo que o atacante conseguiu assinar alguns pacotes do ssh, se estes pacotes fossem colocados na internet em algum mirror qualquer e alguem fizesse um update e instalasse um destes pacotes a maquina estaria hackeada.
:-)
On 9/16/2008 7:39 AM, Pablo Iranzo Gómez wrote:
Ola The update came because it seems that 'atacker' was able to sign some openssh packages. This update, as stated is provided just in case there is someone not using RHN to get updated packages. Customers using RHN to get updates were not afected. The errata also states that there's an ongoing investigation.
Regards Pablo
Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
infrastructure@lists.fedoraproject.org