It turns out that last week Fedora servers, including one that is used to sign packages, were compromised. Red Hat claims that the servers were taken offline as soon as the breach was “quickly” discovered.

The question lingers. When were they breached?

From Redhat.com:

One of the compromised Fedora servers was a system used for signing Fedora packages. However, based on our efforts, we have high confidence that the intruder was not able to capture the passphrase used to secure the Fedora package signing key. Based on our review to date, the passphrase was not used during the time of the intrusion on the system and the passphrase is not stored on any of the Fedora servers.

While there is no definitive evidence that the Fedora key has been compromised, because Fedora packages are distributed via multiple third-party mirrors and repositories, we have decided to convert to new Fedora signing keys.

Running Fedora? You might want to check your systems just to be safe. Also, the folks at Red Hat are asking anyone who has information on this breach to contact their legal folks via “fedora-legal SHIFT2 redhat com”. They make a point of noting that the Fedora and Red Hat servers are separate. The Red Hat servers also use a different key that was not accessed.


From SearchSecurity.com:

When a vulnerability researcher discloses a flaw in a widely-used operating system or application, some IT professionals question the motive. Such has been the case with a Linux Kernel flaw that was disclosed last week. Wojciech Purczynski, a researcher with Singapore-based security firm COSEINC, discovered the flaw, and a researcher using the online name “Qaaz” followed it up with attack code. Qaaz declined an interview request, but Purczynski did answer some questions in an email exchange. In this Q&A, he explains how he reported the security hole and why Linux users should take his findings seriously.

For the email interview, read on.


Microsoft has lost a little more ground in France. This time it’s to the MPs, as they adopt Linux as their operating system of choice.

The project, backed by MPs Richard Cazenave and Bernard Carayon of the UMP party, will see 1,154 French parliamentary workstations running on an open source OS, with OpenOffice.org, Firefox and an open source email client.

Being a frequent user of OpenOffice, I can add that it has matured nicely. I’m sure there are some incompatibilities that I have yet to be plagued with, but so far all has been well.

This will be the first case of a French public institution switching its PCs onto a Linux operating system. Previous open source initiatives concerned servers, as was the case with the Ministry of Agriculture, or OpenOffice and Firefox, which were brought into use by France’s gendarmerie.


In what is fast becoming the biggest running joke in the IT industry, the Vista operating system from Microsoft may be delayed AGAIN! This is according to a Gartner report, so take that for what it’s worth.

The research note, released to clients Monday, said the new Windows Vista operating system is too complex to be able to meet Microsoft’s targeted November release for volume license customers and January launch for retail consumers. A Microsoft spokeswoman said the company disagreed with the Gartner report and it was still on track to meet its launch dates.

Then again, predicting a delay to Vista is like shooting fish in a barrel. For those of you who are ready to make a change, here are some recommended OSes:

SuSE Linux
Mac OS X
CentOS
Gentoo
FreeBSD
OpenBSD
Fedora

Come on folks. Time to put on the big boy pants and make the change.


In a move that goes a long way to making my blood boil, Oracle is apparently looking to buy Novell. Why, you might ask, would this cause me heartburn? Well, I’ve been a SuSE user now for several years. I cringe at the thought of what could go wrong with this purchase.

Oracle boss Larry Ellison has revealed that his company considered a takeover of Novell and may soon enter into the Linux market itself.

Now Larry is prone to grandstanding from time to time. I just hope that the open version of SuSE will continue to survive. Otherwise I will have to make that final move…and join the Mac hordes at long last.
