ARN

Wider implications of the Red Hat breach

Red Hat's recent server breach isn't the first time a Linux distribution has been targeted by attackers, but it may prove to be one of the most important in terms of the recovery and mitigation work it requires.

Reports of data losses and system breaches are almost becoming passé, but from time to time an event takes on a life of its own and has effects far beyond what the initial breach would normally represent.

Late last week it was announced that key servers belonging to both the Fedora and Red Hat Linux distributions had been compromised. With this breach they join Ubuntu, Debian and Gentoo as Linux distributions that have suffered serious server breaches. What is causing the most concern in Fedora's case is that one of the breached servers was used to provide authoritative signing of packages distributed under the Fedora banner. Had the attacker been able to capture the private key, or even the passphrase protecting it, it would have been possible to generate packages that verified as official Fedora software. The Red Hat compromise resulted in custom OpenSSH packages being uploaded to, and signed on, the compromised server.

While Fedora has stated that it does not believe the key or passphrase was compromised, many feel that this isn't good enough and are calling for Red Hat to be far more open in reporting exactly what happened. The different signing systems in use have helped limit the extent of the damage (otherwise Red Hat's compromise would carry the same sort of risk as Fedora's), but there is concern about how readily the Red Hat system signed the modified OpenSSH packages.
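After a signing-server compromise the practical question for an administrator is which installed packages carry a signature from a key that is no longer trusted, or no signature at all. The script below is an added example (not code from ARN, Red Hat or Fedora) that audits the output of `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH} %{SIGPGP:pgpsig}\n'` against an allow-list of signing key IDs. The key IDs and package versions in it are placeholders, not the real Fedora or Red Hat keys or the packages named in the vendor advisory, and the sample input is constructed so that the script runs without rpm present.

```shell
#!/bin/sh
# Added example, not code from ARN, Red Hat or Fedora.
# Flags installed RPMs that are unsigned or signed by a key not on the
# allow-list, which is the check to run after a signing key may have been
# exposed or has been rotated.
#
# On a real host the input comes from:
#   rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH} %{SIGPGP:pgpsig}\n'
# Each line looks like "<nvra> DSA/SHA1, <date>, Key ID <hex>" or "<nvra> (none)".

# Allow-list of trusted signing key IDs, lower-case hex, space separated.
# Placeholder value (assumption), not a Red Hat or Fedora key.
TRUSTED_KEY_IDS="0123456789abcdef"

# audit_pkg_sigs: read "<nvra> <pgpsig>" lines on stdin and print one line
# per package that is unsigned or signed by a key not in TRUSTED_KEY_IDS.
audit_pkg_sigs() {
    while IFS= read -r line; do
        pkg=${line%% *}
        sig=${line#* }
        # Pull the hex key ID off the end of the signature string, if any.
        keyid=$(printf '%s\n' "$sig" | sed -n 's/.*Key ID \([0-9A-Fa-f]*\)$/\1/p' | tr 'A-F' 'a-f')
        if [ -z "$keyid" ]; then
            printf '%s UNSIGNED\n' "$pkg"
            continue
        fi
        trusted=no
        for k in $TRUSTED_KEY_IDS; do
            [ "$k" = "$keyid" ] && trusted=yes
        done
        if [ "$trusted" = no ]; then
            printf '%s UNTRUSTED_KEY %s\n' "$pkg" "$keyid"
        fi
    done
    return 0
}

# Constructed sample input (not real rpm output): one package signed by the
# trusted key, one signed by an unexpected key, one with no signature.
SAMPLE='openssh-0.0-1.sample.x86_64 DSA/SHA1, Mon 18 Aug 2008 10:00:00 AM UTC, Key ID 0123456789abcdef
openssh-server-0.0-1.sample.x86_64 DSA/SHA1, Mon 18 Aug 2008 10:00:00 AM UTC, Key ID fedcba9876543210
bash-0.0-1.sample.x86_64 (none)'

# Usage: on a real host, pipe the rpm -qa command above into audit_pkg_sigs
# instead of the sample.
printf '%s\n' "$SAMPLE" | audit_pkg_sigs
```

Two things to keep in mind when using this for real: a package signed by a key that was later withdrawn passes `rpm -K` as long as the old public key is still imported, so the allow-list should contain only the current key, and `rpm -qa gpg-pubkey*` shows which public keys the rpm database currently trusts.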

It would be interesting to uncover the motivation for the attack. Handled carefully, the attacker could have subtly poisoned user-space applications to allow easy extraction of sensitive personal information for identity theft or fraud. Targeting key system components such as OpenSSH is more likely to get the attackers found out sooner, but it also means they would potentially have full system access to a large number of systems worldwide without any extra effort. One day we will see a crossover point, where the value of quietly stealing personal information outweighs the value of the system as part of a botnet, and attackers will begin to focus on subtle user-level attacks to achieve this.
