Monday, August 25, 2008

RedHat Linux Compromised

Red Hat Inc. announced that their main distribution servers were compromised. Patches were released to fix apparently modified OpenSSH packages.

This is an incredibly interesting vector of attack. Both releases of Red Hat Enterprise Linux v4, v5 and Fedora were modified with hackers essentially including their own key to the front door (ssh) into the operating system. If you have installed RHEL or Fedora from ftp or http sources recently you will certainly need to: "yum update".