Red Hat gets hacked

Submit

Red Hat warned on Friday that a network attack compromised some servers last week that are involved with both its commercially supported and free versions of Linux.

The breaches involved Red Hat Linux Enterprise servers and those from its community-supported Fedora project that it sponsors.

Red Hat said in a security advisory that it is confident the intrusion did not compromise the Red Hat Network, which is the chief mechanism used to distribute changes to its Red Hat Enterprise Linux product, or updates sent over the network. Therefore customers are not at risk, the company said.

The open source vendor also released a script designed to detect potentially compromised OpenSSH (OpenBSD's Secure Shell protocol implementation) packages.

"We are issuing this alert primarily for those who may obtain Red Hat binary packages via channels other than those of official Red Hat subscribers," the advisory said.

The intruder was able to sign a "small number" of OpenSSH packages relating to Red Hat Enterprise Linux versions 4 and 5, so Red Hat is releasing an updated version of those packages. The company has published a list of the tampered packages and instructions for how to detect them.

A Fedora project leader issued an alert to a Fedora e-mail list that some Fedora servers were taken offline after they were found to have been illegally accessed last week.

"One of the compromised Fedora servers was a system used for signing Fedora packages. However, based on our efforts, we have high confidence that the intruder was not able to capture the passphrase used to secure the Fedora package signing key," the alert said.

Despite the fact that there is no evidence that the Fedora key has been compromised, Fedora is converting to new Fedora signing keys because Fedora packages are distributed via multiple third-party mirrors and repositories.

Talkback

Quick Poll

What is the biggest data management challenge in your organisation?

Inconsistent data and overlapping sources
Rising management and maintenance costs
Scaling the database to meet business needs
Handling analysis of streaming data
Complexity in data security auditing and reporting databases
Inability to keep up with growth in requirements

ZDNet Australia Live

Cillit Bang and Facebook clean up with All in 1 social commerce offering: Reckitt Benckiser has taken social com... http://t.co/TFDWc8ws

6 minutes ago by lalimaw on twitter, retweet

Google's next cash cow The iPhone | ZDNet: Weve discussed before how Microsoft looks at the Android mobile platf... http://t.co/imaK8eoC

21 minutes ago by jbjellybeans on twitter, retweet

Steve Jobs through the FBI lens: What a (mundane) life http://t.co/DYJCuoh6

51 minutes ago by MobiMediaMarket on twitter, retweet

Women in Tech: Gayle Laakmann McDowell excels beyond the stereotypes http://t.co/hXKZKabD

51 minutes ago by MobiMediaMarket on twitter, retweet

http://t.co/DH0xNzc8 http://t.co/gGXo0z2i

1 hour ago by PandoranAge on twitter, retweet

NASA's ideas on future of flight: photos - Hardware - Insight - ZDNet Australia http://t.co/VuhEoIWX

1 hour ago by PandoranAge on twitter, retweet

Microsoft's plan to bring its ERP users slowly but surely to the cloud http://t.co/21hOxoUE

1 hour ago by TechGo411 on twitter, retweet

RT @kaspersky: Naming and shaming doesn't catch crims http://t.co/fXjmFqYo via @zdnetaustralia @mukimu

1 hour ago by raymondsnow on twitter, retweet

RT @Cyber_War_News: Hacker denied $50K payout, releases code - ZDNet Asia News http://t.co/nvBbIjhj

1 hour ago by Netzblockierer on twitter, retweet

RT @kaspersky: Naming and shaming doesn't catch crims http://t.co/EA5pvc1l via @zdnetaustralia @mukimu

1 hour ago by HansenKarsten on twitter, retweet

Skyrim

1 hour ago by gurnorpdurn on iiNet undercuts Internode with NBN pricing

RT @kaspersky: Naming and shaming doesn't catch crims http://t.co/EA5pvc1l via @zdnetaustralia @mukimu

1 hour ago by KasperskyAfrica on twitter, retweet

#android RIM: Unlike Android, BlackBerry will keep out 'crap' apps - ZDNet UK http://t.co/covGyNTS

1 hour ago by nzandroid on twitter, retweet

Microsoft's plan to bring its ERP users slowly but surely to the cloud http://t.co/Rp5G7cbq

1 hour ago by MobiMediaMarket on twitter, retweet

Naming and shaming doesn't catch crims http://t.co/EA5pvc1l via @zdnetaustralia @mukimu

2 hours ago by kaspersky on twitter, retweet

Minecraft Online

2 hours ago by LEARGEOVEME on iiNet undercuts Internode with NBN pricing

Teens prefer #Facebook, #Twitter to television? http://t.co/gsxiUe6m - If it stops Reality TV shows, I say YAY!

2 hours ago by Hossary on twitter, retweet

RT @Cyber_War_News: Hacker denied $50K payout, releases code - ZDNet Asia News http://t.co/nvBbIjhj

2 hours ago by shujincell on twitter, retweet

iPad 3 rumor roundup http://t.co/mFDqLFSS

2 hours ago by MobiMediaMarket on twitter, retweet

RT @Cyber_War_News: Hacker denied $50K payout, releases code - ZDNet Asia News http://t.co/nvBbIjhj

3 hours ago by RenegadeRouge on twitter, retweet

RT @christinecottre: Caffeine fix? Now you can literally inhale it. http://t.co/myqJvznI I'd rather drink it, thanks.

3 hours ago by ElaiaCafe on twitter, retweet

RT @jbtaylor: See how Australia's wireless carriers fight w/ regulators who promote spectrum competition. http://t.co/pU2C9miD They don't. #twinbells

3 hours ago by Det_Conan_Kudo on twitter, retweet

Intel SSD 520 solid-state drive bets on improved reliability over low price http://t.co/ziVZMgYO

3 hours ago by MobiMediaMarket on twitter, retweet

RT @Cyber_War_News: Hacker denied $50K payout, releases code - ZDNet Asia News http://t.co/nvBbIjhj

4 hours ago by thAtoneGeye on twitter, retweet

RT @Cyber_War_News: Hacker denied $50K payout, releases code - ZDNet Asia News http://t.co/nvBbIjhj

4 hours ago by Kyler_DK on twitter, retweet

Caffeine fix? Now you can literally inhale it. http://t.co/myqJvznI I'd rather drink it, thanks.

4 hours ago by christinecottre on twitter, retweet

Hacker denied $50K payout, releases code - ZDNet Asia News http://t.co/nvBbIjhj

4 hours ago by Cyber_War_News on twitter, retweet

Facebook's highest valuation yet: $102.3 billion http://t.co/QrNCnzaU

4 hours ago by Keturah_Gaerlan on twitter, retweet

Facebook's highest valuation yet: $102.3 billion http://t.co/Bgg7Kd2d

4 hours ago by Kanesha_Lafevre on twitter, retweet

Evolven - a Cloudyn customer profile: Evolven develops a Change Monitoring solution that was designed from the g... http://t.co/KPSy6j3B

4 hours ago by UVCMUG on twitter, retweet

Keylogging student caught hacking college grades http://t.co/nxV5ScnZ

4 hours ago by hdiblasi on twitter, retweet

Transparent Android screen app prevents you hitting that lamp post http://t.co/DhJ5KIoF

4 hours ago by kingso on twitter, retweet

RT @edbott: iOS apps: Massive invasion of user privacy? http://t.co/pDpooElQ

4 hours ago by JSDreke on twitter, retweet

RT @PrivacyCamp: Microsoft starts protecting your data | ZDNet http://t.co/xQRC4B1O

4 hours ago by drjaniceduffy on twitter, retweet

http://t.co/8e87aAZJ Teens prefer Facebook, Twitter to television? - ZDNet (blog)

4 hours ago by newstodaybzcm on twitter, retweet

ZDNet | Using the Verizon iPhone as a hotspot may save you money http://t.co/yvCoRiBU | #Dev

4 hours ago by InTVision on twitter, retweet

Teens prefer Facebook, Twitter to television? | ZDNet http://t.co/v8rlyfq6

4 hours ago by dung_h2 on twitter, retweet

Soooo... it's okay for Apple to demand use of technologies and designs falling under competitors patents (considered "standards"), but on...

4 hours ago by MoWeb on Apple wants new rules for mobile patents

Yo, Only joined this forum today. Looking forward to meet you all! Happy New Year! ...

4 hours ago by HannahPe on Victorian govt quietly begins ICT blog

Hello. Looking for Azithromycin? [url=http://www.formspring.me/azithromycinbuy]Buy azithromycin USA[/url] My doctor advice me this ap...

6 hours ago by azikmanich on Gateway glitch causes NSW fine overpayment online

constitutes Resistant produced different nicely far recognized familiar fashion is purchased authenticity located sued Each superior styl...

6 hours ago by Immimiduh on Abetz shifted in reshuffle

But I am having an intelligent conversation young fibes, my point is the lofty goal that all are equal is unfortunately not so. That is w...

6 hours ago by Doubt on NBN Co inks $620m satellite deal

May be so, but we do need to lighten up some of these people who are so serious. poor old fibretech nearly brings tears to the eyes and j...

6 hours ago by Doubt on Turnbull decries 'Rolls-Royce' satellites

hermes sandels

7 hours ago by Merlinmwa on ACDSee 5.0: No more dirty photo deeds?

The latest MS Windows update for XP tries hard to persuade you to update. For those machines that already have IE8 loaded it tries to re-...

7 hours ago by brak on Windows XP clings on as dominant OS

buy side effects information buy aricept starter kit - does aricept affected by brussel sprouts buy aricept discount doctors against aric...

7 hours ago by Violetiss on Can CEO-in-waiting give AMD a jumpstart?

Will be interesting to see if he drives the qld gov political IT agenda or looks to address the IT challenges being faced by qld gov agen...

7 hours ago by Flly on Queensland's CIO returns to the post

Download GTA

7 hours ago by suecloxowlets on iiNet undercuts Internode with NBN pricing

So angry! NOKIA has forgotten the main purpose and the user function, and instead prioritised their industry level concerns. I bought my...

8 hours ago by spaceagesoup on Nokia skips Australia in Symbian Belle roll-out

I get what you mean in your context, meski. If the filter is like speed cameras, then people can alternately take side streets and back r...

10 hours ago by techkid on Interpol defends voluntary filter

Remind me again how people can get to a leadership position with absolutely no practical knowledge? I would ask Alexander how he intends...

10 hours ago by cleversoap on Internet won't always be anonymous: ITU

I was reading about DMARC at http://www.unlocktheinbox.com/resources/dmarc.aspx, perhaps they should try to implement something like this...

11 hours ago by wpfn on Phishing scam causes Telstra email woe

As you can tell, I'm a big follower. For AFL read NRL.

11 hours ago by phildobbie on The TV Now aftermath

Im not sure if David Gallop realises he now works for the AFL.

11 hours ago by katerich on The TV Now aftermath

That assumes that people see the stop sign. If you're using proxies, or whatever *all* the time, then these stop signs will never be obs...

12 hours ago by meski on Interpol defends voluntary filter

This story has been voted 20 times in the last 24 hours!

2 days ago, Symantec confirms hacker extortion

This story has been voted 10 times in the last 24 hours!

2 days ago, Symantec confirms hacker extortion

Keep up with ZDNet Australia

Inside ZDNet Australia

ZDNet / Security / Story

Red Hat gets hacked

Topics

Top related stories

Related gallery

Related stories

Talkback

Resource Centre Useful content from our premier sponsors

Quick Poll

ZDNet Australia Live

Facebook Activity

Keep up with ZDNet Australia

ZDNet Events Calendar

Plan Comparison

Sponsored resources

Inside ZDNet Australia

Services