RedHat gets hit this time…

It just goes to show, if you think you’re safe, you’re not. This time RedHat was hit:

http://blogs.zdnet.com/security/?p=1784&tag=nl.e550

This is pretty ugly since it involves the signing of certificates used to validate the RPM repositories and RPMs themselves. RedHat claims that the “passphrase“s for the certificates weren’t compromised, so no harm no foul. However it’s very concerning and in order to sufficiently mitigate may require manual intervention by all users or at least changes on all users’ systems.

The problem here is if RedHat is wrong, forged RPMs could be created that appear “valid” and in theory if installed could infect customer systems compromising binaries et al. It would take quite a bit of effort here, including getting the RPMs into the repositories without anyone noticing, but it is not out of the realm of possibility, particularly when you consider what this hack in itself says about security.

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">

  

  

  

This site uses Akismet to reduce spam. Learn how your comment data is processed.