Fedora Project investigates possible infrastructure compromise
Posted on 25 January 2011.
A security incident on Fedora infrastructure has been reported by Jared Smith, Fedora Project's leader, who confirmed that the account of one of its contributors has been compromised.

According to preliminary results of an investigation mounted by Fedora Project's Infrastructure Team, the compromise wasn't the result of an exploitation of a vulnerability.

Luckily for all, the compromised account doesn't belong to a member of any sysadmin or Release Engineering groups.

Upon being notified by the legitimate account user that something was off, the Infrastructure Team immediately proceeded to lock down the access to the account, take filesystem snapshots of all systems the account had access to, and audit SSH, FAS, Git, and Koji logs from the time of compromise to the present.

So far, they discovered that the attacker changed the account's SSH key in the Fedora Accounts System and logged in to fedorapeople.org. Fedora users are reassured that he or she did not push any changes to the Fedora SCM or access pkgs.fedoraproject.org in any way, generate a koji cert or perform any builds, or push any package updates.

"The Infrastructure Team believes that Fedora users are in no way threatened by this security breach and we have found no evidence that the compromise extended beyond this single account," wrote Smith, but they encourage anyone who might notice something is off to report it.






Spotlight

Leveraging network intelligence and deep packet inspection

Posted on 26 November 2014.  |  Tomer Saban, CEO of WireX Systems, talks about how deep packet inspection helps with identifying emerging threats, the role of network intelligence, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Nov 28th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //