
Tuesday, 26 August 2008

Yikes!

It looks like a hacker was somehow able to penetrate Red Hat, get access to the keys that they use to sign their code, and include bogus OpenSSH packages in some versions of their software. Fortunately, this problem was caught fairly quickly, and you can now download clean versions of the affected software as well as a tool to check that you haven't been compromised.

I'd assume that the hackers went after their highest priority targets first, which in this case happened to be OpenSSH. That's an interesting choice, but I'm not sure that I would have done the same thing. If you were a hacker and had a chance to change just one package, which one would it be?
