[ale] Redhat and Fedora servers compromised

hscast at charter.net hscast at charter.net
Fri Aug 22 21:17:36 EDT 2008


---- Jason Fritcher <jkf at wolfnet.org> wrote: 
> 
> On Aug 22, 2008, at 6:37 PM, Jim Kinney wrote:
> > The RedHat unauthorized access did involve malicious activity which  
> > changed the openssh binaries on an unspecified number of RHN  
> > servers. Currently, RedHat has not released a change in signing keys  
> > which indicates the either the binaries were not signed (and thus  
> > would not be loadable in a properly configured RedHat system) or the  
> > signature is invalid (thus again not affecting a properly installed  
> > RedHat - or CentOS - server). There is an outside chance that  
> > RedHats signing key was stolen and they have not revealed that but  
> > given the history of RedHat and their openess in general, I  
> > currently do not think the key has been compromised.
> 
> According to the following blog post...
> 
> http://www.awe.com/mark/blog/200701300906.html
> 
> ...Red Hat is using a hardware crypto module to do package signing for  
> RHEL 5 packages. Unless the intruder figured out a way to extract the  
> private key from the hardware module, then it should be safe to say  
> that the key has not been compromised. From what I've read elsewhere,  
> it appears the intruder managed to get the openssh packages signed by  
> the system, so I would guess they would appear valid to receiving  
> machine, hence the reason for the script to detect if you have one of  
> them installed.
> 
> What I'd like to know is how the machines were compromised so I can  
> protect myself from the same exploit(s).
> 
> -- 
> Jason Fritcher
> jkf at wolfnet.org
> 
> 
> 
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
It seems that my issue maybe what Paul is saying. I was finally able to switch to console tty1 and login, even as root I was unable to go into the graphics console. Just before all that I noticed that all my desktop icons disappeared and then after logging out and back in they came back. I finally took the Mobo out and returned it. Have to wait until after the credit shows up before getting another one. I don't think it will be a gigabyte though. I was reading some where that the 790a chipset from nVidia works fine the article was comparing it with AMD's 790FX series chipset, but I can't find it anywhere now. I think it was on Phorum or something like that. Anyway any opinions on ASUS? 


More information about the Ale mailing list