On mySimon: Body Solid EXM 3000LPS

BNET Business Network:: BNET; TechRepublic; ZDNet

Zero Day

Ryan Naraine and Dancho Danchev

Get Zero Day via:: Mobile; RSS; Email Alerts
Bios:: Ryan’s Bio; Dancho’s Bio

August 18th, 2008

Fedora infrastructure breach?

Posted by Ryan Naraine @ 8:05 am

Categories: Anti Virus, Browsers, Data theft, Denial of Service (DoS), Exploit code, Locally Running Web Servers, Open source, Passwords, Patch Watch, Pen testing, Responsible disclosure, Vulnerability research

Tags: Fedora Project, Open Source, Security, Ryan Naraine

Fedora server compromised? Has there been a security breach in Red Hat Fedora’s infrastucture systems?

According to a cryptic announcement posted to the Fedora-Announce mailing list, the open-source group is investigating an unspecified “issue in the infrastructure systems” that has resulted in widespread service outages.

In the note, Fedora maintainers recommend that end users avoid downloading packages on Fedora systems, which strongly hints at a security-related problem:

The Fedora Infrastructure team is currently investigating an issue in the infrastructure systems. That process may result in service outages, for which we apologize in advance. We’re still assessing the end-user impact of the situation, but as a precaution, we recommend you not download or update any additional packages on your Fedora systems.

A follow-up message posted over the weekend said the investigations were continuing but there are no details available on the cause of the problem.

Efforts to contact Red Hat Fedora maintainers have so far been unsuccessful. I will update this post as necessary.

* Image credit: jgbrl’s Flickr photostream (Creative Commons 2.0)

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.

Email Ryan Naraine

For daily updates on Ryan's activities, follow him on Twitter.

Subscribe to Zero Day via Email alerts or RSS.

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?

Talkback
Most Recent of 10 Talkback(s)

Thread View
Flat View

hindsight is 50/50: This release from RH came out after my comment and after the blog entry was posted. At the time, there was nothing to suggest the problem was security related - at least nothing in the cited reference for the blog entry.... (Read the rest); Posted by: OzDot Posted on: 08/27/08 You are currently: a Guest | Log in | Terms of Use

Denial isn't a river in Egypt NotMSUser | 08/18/08

Updates seemed to be working last night John L. Ries | 08/18/08

May or may not be related John L. Ries | 08/18/08

Yes, but those updates maybe compromised. phatkat | 08/19/08

RE: Fedora infrastructure breach? npdavis@... | 08/18/08

RE: Fedora infrastructure breach? bbneo | 08/19/08

This is the evidence that linux and open source are unsafe qmlscycrajg | 08/20/08

what makes you think it is a security issue? OzDot | 08/21/08

this Donald75 | 08/22/08

hindsight is 50/50 OzDot | 08/27/08

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Fundamentals of Volume Activation Microsoft Gain a more thorough understanding--and learn what's new--on the Volume Activation process while deploying Windows 7 and Windows Server 2008. Download Now
Getting personal with business continuity: Five critical success factors in overcoming workforce disruptions IBM Corp. An event that disrupts your business, no matter how limited or broad in ... Download Now
Volume Activation Operations Guide Microsoft Microsoft? Volume Activation helps Volume Licensing customers automate and ... Download Now

Recent Entries

Blogs From Our Sponsors

Top Rated

And the most popular password is...+34 votes
Microsoft readies emergency IE patch to counter public exploits+33 votes
Report: 48% of 22 million scanned computers infected with malware+32 votes
Microsoft says Google was hacked with IE zero-day+31 votes
Microsoft confirms 17-year-old Windows vulnerability+31 votes
MS Patch Tuesday heads-up: 13 bulletins, 26 vulnerabilities+26 votes
Bogus IQ test with destructive payload in the wild+22 votes
Haiti earthquake themed blackhat SEO campaigns serving scareware+21 votes

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

Click Here

Archives

Favorite Links

41

ZDNet Blogs

White Papers, Webcasts, and Downloads

Planning Activation in Isolated Environments Microsoft This guide is for IT pros maintaining the Windows? 7 and Windows Server? ... Download Now
Fundamentals of Volume Activation Microsoft Gain a more thorough understanding--and learn what's new--on the Volume Activation process while deploying Windows 7 and Windows Server 2008. Download Now
Getting personal with business continuity: Five critical success factors in overcoming workforce disruptions IBM Corp. An event that disrupts your business, no matter how limited or broad in ... Download Now

Popular Sanity Saver Videos

Blogs

Product Reviews

Videos

White Papers and Webcasts

Downloads

More