Fedora Project investigates possible infrastructure compromise
Posted on 25 January 2011.
A security incident on Fedora infrastructure has been reported by Jared Smith, Fedora Project's leader, who confirmed that the account of one of its contributors has been compromised.

According to preliminary results of an investigation mounted by Fedora Project's Infrastructure Team, the compromise wasn't the result of an exploitation of a vulnerability.

Luckily for all, the compromised account doesn't belong to a member of any sysadmin or Release Engineering groups.

Upon being notified by the legitimate account user that something was off, the Infrastructure Team immediately proceeded to lock down the access to the account, take filesystem snapshots of all systems the account had access to, and audit SSH, FAS, Git, and Koji logs from the time of compromise to the present.

So far, they discovered that the attacker changed the account's SSH key in the Fedora Accounts System and logged in to fedorapeople.org. Fedora users are reassured that he or she did not push any changes to the Fedora SCM or access pkgs.fedoraproject.org in any way, generate a koji cert or perform any builds, or push any package updates.

"The Infrastructure Team believes that Fedora users are in no way threatened by this security breach and we have found no evidence that the compromise extended beyond this single account," wrote Smith, but they encourage anyone who might notice something is off to report it.


101,000 US taxpayers affected by automated attack on IRS app

The IRS has revealed more details about an attack it suffered last month, mounted by unknown individuals with the aim to file fraudulent tax returns and funnel the returned money to their own bank accounts.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Wed, Feb 10th