EDIT: Holy crap: http://rhn.redhat.com/errata/RHSA-2008-0855.html

"In connection with the incident, the intruder was able to sign a small number of OpenSSH packages relating only to Red Hat Enterprise Linux 4 (i386 and x86_64 architectures only) and Red Hat Enterprise Linux 5 (x86_64 architecture only). As a precautionary measure, we are releasing an updated version of these packages, and have published a list of the tampered packages and how to detect them at http://www.redhat.com/security/data/openssh-blacklist.html"
Original blurb, which sort of contradicts the above blurb . . . wow . . . just . . . wow. Oh . . . My . . . God: https://www.redhat.com/archives/fedora-announce-list/2008-August/msg00012.html
Will anyone pay attention to this? Does anyone care? Probably not . . . I can't imagine what the fallout would be if our WU / MU / AU servers got pwnd like this. It's like . . . the package signing server and stuff. At least they seem to be doing the right thing and are going to issue new signing keys etc. and will hopefully revoke the old ones. Wow.
Been a busy two weeks - been on the road - working till 2am - thus the lack of blog material. I heard from someone very clueful that I should give Microsoft a FOGA for the .NET stuff Dowd and Sotirov found and demo'd at Blackhat . . . still haven't read that paper . . . I swear I will on the plane home. :(