FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Infrastructure

 
 
LinkBack Thread Tools
 
Old 09-12-2008, 04:40 PM
Henrique Junior
 
Default About the recent invasion

Hello, guys
I'm sorry if this list
is not the right place to post this question but I can't figure a
better place.
As a Fedora ambassador
(in Brazil) I've been asked by a lot of people about the recent
invasion in our servers. The question I've been asked yesterday was
“how it happened?”
I'd like to explain
here exactly what happened to make our users more comfortable and confident.
Please excuse my bad english.


Thanks

Henrique "LonelySpooky" Junior
________________________________
"In a world without walls and fences, who needs windows and gates?!"


Novos endereços, o Yahoo! que você conhece. Crie um email novo com a sua cara @ymail.com ou @rocketmail.com.
http://br.new.mail.yahoo.com/addresses


_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
 
Old 09-12-2008, 04:59 PM
"Paul W. Frields"
 
Default About the recent invasion

On Fri, 2008-09-12 at 09:40 -0700, Henrique Junior wrote:
> Hello, guys
> I'm sorry if this list
> is not the right place to post this question but I can't figure a
> better place.
> As a Fedora ambassador
> (in Brazil) I've been asked by a lot of people about the recent
> invasion in our servers. The question I've been asked yesterday was
> “how it happened?”
> I'd like to explain
> here exactly what happened to make our users more comfortable and confident.
> Please excuse my bad english.

Hello Henrique. You can refer to the following announcement for the
most recent update:
http://www.redhat.com/archives/fedora-announce-list/2008-August/msg00012.html

This is an ongoing investigation, and we'll provide another update as
soon as more information is available.

--
Paul W. Frields
gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717
http://paul.frields.org/ - - http://pfrields.fedorapeople.org/
irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug
_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
 
Old 09-15-2008, 10:19 PM
Itamar - IspBrasil
 
Default About the recent invasion

aparentemente foi causado por uma falha no ssh, onde o atacante
conseguiu assinar alguns pacotes com as chave's do fedora.


http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752

http://lists.centos.org/pipermail/centos-announce/2008-August/015195.html

http://rhn.redhat.com/errata/RHSA-2008-0855.html

http://www.redhat.com/security/data/openssh-blacklist.html

On 9/12/2008 1:40 PM, Henrique Junior wrote:


Hello, guys
I'm sorry if this list
is not the right place to post this question but I can't figure a
better place.
As a Fedora ambassador
(in Brazil) I've been asked by a lot of people about the recent
invasion in our servers. The question I've been asked yesterday was
“how it happened?”
I'd like to explain
here exactly what happened to make our users more comfortable and confident.
Please excuse my bad english.


Thanks

Henrique "LonelySpooky" Junior
________________________________
"In a world without walls and fences, who needs windows and gates?!"


Novos endereços, o Yahoo! que você conhece. Crie um email novo com a sua cara @ymail.com ou @rocketmail.com.
http://br.new.mail.yahoo.com/addresses


_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list






_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
 
Old 09-16-2008, 10:39 AM
Pablo Iranzo Gómez
 
Default About the recent invasion

Ola
The update came because it seems that 'atacker' was able to sign some
openssh packages. This update, as stated is provided just in case there
is someone not using RHN to get updated packages. Customers using RHN to
get updates were not afected. The errata also states that there's an
ongoing investigation.

Regards
Pablo

El lun, 15-09-2008 a las 19:19 -0300, Itamar - IspBrasil escribió:
> aparentemente foi causado por uma falha no ssh, onde o atacante
> conseguiu assinar alguns pacotes com as chave's do fedora.
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4752
>
> http://lists.centos.org/pipermail/centos-announce/2008-August/015195.html
>
> http://rhn.redhat.com/errata/RHSA-2008-0855.html
>
> http://www.redhat.com/security/data/openssh-blacklist.html
>
> On 9/12/2008 1:40 PM, Henrique Junior wrote:
> >
> > Hello, guys
> > I'm sorry if this list
> > is not the right place to post this question but I can't figure a
> > better place.
> > As a Fedora ambassador
> > (in Brazil) I've been asked by a lot of people about the recent
> > invasion in our servers. The question I've been asked yesterday was
> > “how it happened?”
> > I'd like to explain
> > here exactly what happened to make our users more comfortable and confident.
> > Please excuse my bad english.
> >
> >
> > Thanks
> >
> > Henrique "LonelySpooky" Junior
> > ________________________________
> > "In a world without walls and fences, who needs windows and gates?!"
> >
> >
> > Novos endereços, o Yahoo! que você conhece. Crie um email novo com a sua cara @ymail.com ou @rocketmail.com.
> > http://br.new.mail.yahoo.com/addresses
> >
> >
> > _______________________________________________
> > Fedora-infrastructure-list mailing list
> > Fedora-infrastructure-list@redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
> >
> >
> >
>
>
> _______________________________________________
> Fedora-infrastructure-list mailing list
> Fedora-infrastructure-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
--

Pablo Iranzo Gómez (Pablo.Iranzo@redhat.com)
RHCE/RHCSP/RHCSS Global Profesional Services Consultant Spain
Phone: +34 645 01 01 49 (CET/CEST)
GnuPG KeyID: 0xFAD3CF0D

--
Inscrita en el Reg. Mercantil de Madrid – C.I.F. B-82 65 79 41
Directores: Michael Cunningham, Charlie Peters y David Owens
Dirección Registrada: Red Hat S.L., C/ Velazquez 63, Madrid 28001, España
Dirección contacto: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, Planta 3ºD, 28016 Madrid, Spain


_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
 
Old 09-16-2008, 10:48 AM
Itamar - IspBrasil
 
Default About the recent invasion

ele esta dizendo que o atacante conseguiu assinar alguns pacotes do ssh,
se estes pacotes fossem colocados na internet em algum mirror qualquer e
alguem fizesse um update e instalasse um destes pacotes a maquina
estaria hackeada.


:-)



On 9/16/2008 7:39 AM, Pablo Iranzo Gmez wrote:

Ola
The update came because it seems that 'atacker' was able to sign some
openssh packages. This update, as stated is provided just in case there
is someone not using RHN to get updated packages. Customers using RHN to
get updates were not afected. The errata also states that there's an
ongoing investigation.

Regards
Pablo




_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
 
Old 09-16-2008, 11:17 AM
Pablo Iranzo Gómez
 
Default About the recent invasion

Yes, but not that they 'attacked' Fedora infrastructure using a 'ssh
package' signed... there's still no info on how and who , just
'what'

Regards
Pablo


El mar, 16-09-2008 a las 07:48 -0300, Itamar - IspBrasil escribió:
> ele esta dizendo que o atacante conseguiu assinar alguns pacotes do ssh,
> se estes pacotes fossem colocados na internet em algum mirror qualquer e
> alguem fizesse um update e instalasse um destes pacotes a maquina
> estaria hackeada.
>
> :-)
>
>
>
> On 9/16/2008 7:39 AM, Pablo Iranzo Gómez wrote:
> > Ola
> > The update came because it seems that 'atacker' was able to sign some
> > openssh packages. This update, as stated is provided just in case there
> > is someone not using RHN to get updated packages. Customers using RHN to
> > get updates were not afected. The errata also states that there's an
> > ongoing investigation.
> >
> > Regards
> > Pablo
> >
>
>
> _______________________________________________
> Fedora-infrastructure-list mailing list
> Fedora-infrastructure-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
--

Pablo Iranzo Gómez (Pablo.Iranzo@redhat.com)
RHCE/RHCSP/RHCSS Global Profesional Services Consultant Spain
Phone: +34 645 01 01 49 (CET/CEST)
GnuPG KeyID: 0xFAD3CF0D

--
Inscrita en el Reg. Mercantil de Madrid – C.I.F. B-82 65 79 41
Directores: Michael Cunningham, Charlie Peters y David Owens
Dirección Registrada: Red Hat S.L., C/ Velazquez 63, Madrid 28001, España
Dirección contacto: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, Planta 3ºD, 28016 Madrid, Spain


_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
 

Thread Tools




All times are GMT. The time now is 02:25 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org