security breach

Debian OpenSSL Vulnerability and Diffie Hellman Key Exchange

Debian-News.net  Tue, 12/02/2008 - 11:15

The Debian version of the OpenSSL library, the subject of a security breach discovered in late May 2008, generated keys from a much smaller entropy pool than normal.


 

Security Breach Can't Halt Fedora 10's Debut

Linux Today  Wed, 11/26/2008 - 06:03

InternetNews: "Despite a security breach earlier this year, Red Hat is out today with its tenth release of the Fedora Linux distribution, promising new open source security, virtualization and appliance-building technologies."


 

The Fedora-Red Hat Crisis

Slashdot: Linux  Tue, 09/09/2008 - 23:02

jammag writes "When Linux journalist Bruce Byfield tried to dig for details about the security breach in Fedora's servers, a Red Hat publicist told him the official statement — written in non-informative corporate-speak — was all he would get.

In the wake of Red Hat's tight-lipped handling of the breach, even Fedora's board was unhappy, as Byfield details.


 

Fedora, Red Hat, and distributor security

Digg Linux/Unix upcoming  Tue, 09/09/2008 - 15:21

On August 22, the Fedora Project released an "infrastructure report" confirming what most observers had, by then, suspected: the project had suffered a major security breach.

The attacker got as far as a system used to sign packages distributed by Fedora.


 

Fedora, Red Hat, and distributor security

LWN.net  Mon, 08/25/2008 - 08:51

On August 22, the Fedora Project released an "infrastructure report" confirming what most observers had, by then, suspected: the project had suffered a major security breach.

This article looks at what (little) is known about this incident, what we have yet to learn, and some lessons that can be learned from the whole thing.



 

Red Hat fesses up to Fedora FOSS security fiasco

Digg Linux/Unix upcoming  Sun, 08/24/2008 - 09:12

A week or so ago, end users of the Linux-based Red Hat Fedora OS were warned to avoid downloading packages due to an "issue in the infrastructure systems" which waved big red flags suggesting a security breach to many industry observers.

Now Fedora has admitted Red Hat OpenSSH packages were compromised by two separate server intrusions.


 

Red Hat (belatedly) confirms security breach

Topix - Linux  Fri, 08/22/2008 - 15:26

More than a week after a cryptic note hinted at a security breach at Fedora, the open-source group has finally fessed up to two separate server intrusions that compromised the security of Red Hat's OpenSSH ...


 

What happened with Fedora - and Red Hat too

LWN.net  Fri, 08/22/2008 - 02:57

The Fedora Project has sent out an update describing its "infrastructure issues" in some detail. Yes, it was a security breach.

"One of the compromised Fedora servers was a system used for signing Fedora packages. However, based on our efforts, we have high confidence that the intruder was not able to capture the passphrase used to secure the Fedora package signing key.

Based on our review to date, the passphrase was not used during the time of the intrusion on the system and the passphrase is not stored on any of the Fedora servers." They are changing the signing keys anyway.


 

New Trojan Leverages Unpatched Mac Flaw

OSNews - Mac OS X  Thu, 06/26/2008 - 06:13

On OSNews, we try to steer away from speaking of specific security incidents, trojans, or viruses, unless they are in one way or the other special, or very influential.

Over the course of the past 12 months or so, many incidents concerning Mac security arose, but most, if not all, were lemons: they required the user to actively enter his administrator password, or to manually launch the malicious program.

In my book, these cases do not constitute serious breaches of security, and hence, OSNews ignored them.