Business IT - Technology for your business

No. 1 Story

Telstra adds one million mobile services, but Sensis plummets

Telstra has revealed the addition of almost one million new mobile services in the six months to December 2011, but Sensis revenues plummeted 24 percent in 12 months.

 read more
StumbleUponSubmit to redditShare this on TwitterShare on facebook | Print |PDF 

More From

Red Hat fesses up to Fedora FOSS security fiasco

Davey Winder
Sunday, 24 August 2008 17:45

Business IT - Open Source

Page 1 of 2
A week or so ago, end users of the Linux-based Red Hat Fedora OS were warned to avoid downloading packages due to an "issue in the infrastructure systems" which waved big red flags suggesting a security breach to many industry observers. Now Fedora has admitted Red Hat OpenSSH packages were compromised by two separate server intrusions... 

It all started with a highly cryptic Fedora-Announce mailing list posting which stated that "The Fedora Infrastructure team is currently investigating an issue in the infrastructure systems. That process may result in service outages, for which we apologize in advance."

Microsoft Office 365 Get your free Trial
Fair enough, that kind of thing happens, apology accepted. What was less acceptable was the bit which went on to say that "We’re still assessing the end-user impact of the situation, but as a precaution, we recommend you not download or update any additional packages on your Fedora systems."

Now, most sane-brained people would read that and think 'avoid downloading packages on Fedora systems' + 'issue in the infrastructure systems' = SECURITY BREACH!

Indeed, that is precisely what most sane-brained people, as well as many journalists, did think. The online news feeds were full of pet theories as to what had happened to cause the widespread Fedora service outages.

The blogosphere likewise. Everyone was hinting at a security breach. Everyone, that is, apart from Fedora.

Now, more than a week after that first warning post appeared, Fedora has eventually succumbed to the inevitable and, with arms firmly upwards, admitted that two separate server intrusions did compromise security as far as Rad Hat OpenSSH packages were concerned.

The question now being asked is does Red Hat have what it takes to be able to deal with security breach disclosure in an accurate and prompt manner? In a manner that you might expect from a group upholding the FOSS promise?

The answer ringing around much of the blogosphere, once you fight your way past the Windows Apologists on one side and the Linux Fanboys on the other, would appear to be 'not bloody likely' it seems.

So what did Red Hat have to say when admitting to the security breach and where does this leave it as far as the FOSS movement is concerned? Discover more on page 2...

CONTINUES


Start 1 2 Next 

Sponsored Announcements

Kordia To Deploy ComOps Best Practice Safety and Risk Management Platform

David Bass | ComOps, a leading Australian provider of business software products and services, has won a competitive tender to deploy its Salvus safety, r…

You may have missed


Advertisement

- sponsored feature -

The Death of Traditional BI: What’s Next?

How to Make Business Discovery Work for Your Business IP PABX BUYING GUIDE

Business Discovery takes its cues from consumer apps. Like Google, it encourages us- ers to hunt for and explore data without worrying about or even noticing the underly- ing technology. Their entire experience is working within an intuitive interface to get real-time, self-service results with only minimal training. ...more

Our Services for Technology Professionals

E - mail News SMS Headlines Desktop Alerts News Feeds Job Alerts Technology Events Press-Releases