[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: About the recent invasion



	Ola
	The update came because it seems that 'atacker' was able to sign some
openssh packages. This update, as stated is provided just in case there
is someone not using RHN to get updated packages. Customers using RHN to
get updates were not afected. The errata also states that there's an
ongoing investigation.

	Regards
	Pablo

El lun, 15-09-2008 a las 19:19 -0300, Itamar - IspBrasil escribió:
> aparentemente foi causado por uma falha no ssh, onde o atacante 
> conseguiu assinar alguns pacotes com as chave's do fedora.
> 
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752
> 
> http://lists.centos.org/pipermail/centos-announce/2008-August/015195.html
> 
> http://rhn.redhat.com/errata/RHSA-2008-0855.html
> 
> http://www.redhat.com/security/data/openssh-blacklist.html
> 
> On 9/12/2008 1:40 PM, Henrique Junior wrote:
> >
> > Hello, guys
> > I'm sorry if this list
> > is not the right place to post this question but I can't figure a
> > better place.
> > As a Fedora ambassador
> > (in Brazil) I've been asked by a lot of people about the recent
> > invasion in our servers. The question I've been asked yesterday was
> > “how it happened?”
> > I'd like to explain
> > here exactly what happened to make our users more comfortable and confident.
> > Please excuse my bad english.
> >
> >
> > Thanks
> >
> > Henrique "LonelySpooky" Junior
> > ________________________________
> > "In a world without walls and fences, who needs windows and gates?!"
> >
> >
> >        Novos endereços, o Yahoo! que você conhece. Crie um email novo com a sua cara @ymail.com ou @rocketmail.com.
> > http://br.new.mail.yahoo.com/addresses
> >
> >
> > _______________________________________________
> > Fedora-infrastructure-list mailing list
> > Fedora-infrastructure-list redhat com
> > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
> >
> >
> >    
> 
> 
> _______________________________________________
> Fedora-infrastructure-list mailing list
> Fedora-infrastructure-list redhat com
> https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
-- 

Pablo Iranzo Gómez (Pablo Iranzo redhat com)
RHCE/RHCSP/RHCSS Global Profesional Services Consultant Spain
Phone: +34 645 01 01 49 (CET/CEST)
GnuPG KeyID: 0xFAD3CF0D

--
Inscrita en el Reg. Mercantil de Madrid – C.I.F. B-82 65 79 41
Directores: Michael Cunningham, Charlie Peters y David Owens
Dirección Registrada: Red Hat S.L., C/ Velazquez 63, Madrid 28001, España
Dirección contacto: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, Planta 3ºD, 28016 Madrid, Spain


Attachment: signature.asc
Description: Esta parte del mensaje está firmada digitalmente


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]