Don't Allow Security Breaches to Rip Your Britches
A few days ago, Red Hat, Inc., announced that an intruder had broken into some of their systems and possibly compromised some important software packages. The most significant among them is OpenSSH, a secure method of connecting to a remote Linux system.
Red Hat quickly took the systems offline to investigate the damage and found that one of their Fedora systems had been breached. This server is used to sign packages for distribution amongst the various mirrors and networks for download. Package signing assures the end user that the package is genuine and free of harmful code.
Thus far, Red Hat has found no conclusive evidence that any of their package signatures were compromised and are confident that their packages are safe to use for your systems. To strengthen their position, they have created updated OpenSSH packages that are certified as safe and secure and free of any malicious code.
Several major Linux distributions are based upon RedHat Linux including Fedora, CentOS, Lineox, PieBox Linux, StartCom Linux, WhiteBox Linux, X/OS Linux, Scientific Linux and others.
CentOS, based on Red Hat Enterprise Linux source RPMs, checked their code for vulnerabilities and found none. CentOS runs their own distribution network and provides independently checked software for users. Security and stability are high priorities for the CentOS team.
Earlier this year, CentOS announced that there was, in fact, a security breach with the Debian OpenSSL package code that prevented the software from gaining enough entropy (randomness) for its random number generator (RNG). The affected package version in that vulnerability is 0.9.8c-1.
To check your version of OpenSSH and OpenSSL, connect to your Linux system and issue the following command:
rpm -qa | grep open
This command gives you a listing of all packages named open* and their version numbers.
To assure that you maintain an up-to-date system, you need to install up2date or create a crontab entry to run yum update at least once a day.
Security vigilance and maintenance are ongoing issues in all environments. You must keep your systems up-to-date and stay aware of security vulnerabilities that may negatively affect you and your users.
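The rpm -qa listing above shows version strings, but deciding whether an installed version is older than the one a vendor advisory names is not a plain string comparison: rpm splits versions into numeric and alphabetic segments and compares them segment by segment. The following script is an added example, not part of the original article or of any Red Hat or CentOS tooling. It reimplements rpm's version ordering (rpmvercmp), parses the output of rpm -qa in a fixed query format for packages matching open*, and reports any package below a required epoch/version/release. The minimum versions in REQUIRED are placeholders, not values from an advisory, and the SAMPLE_OUTPUT lines are constructed so the script runs on a machine without rpm.

```python
#!/usr/bin/env python3
"""Flag installed open* packages that are older than a required version,
ordering versions the way rpm does. Added example; minimums are placeholders."""
import shutil
import subprocess
import sys
from typing import Dict, List, Tuple

EVR = Tuple[int, str, str]  # (epoch, version, release)

# Query format handed to rpm so every line is "NAME EPOCH VERSION RELEASE".
QUERY_FORMAT = "%{NAME} %{EPOCH} %{VERSION} %{RELEASE}\n"

# Constructed sample of what "rpm -qa --queryformat QUERY_FORMAT 'open*'" prints;
# the duplicate openssl line imitates a multilib system with two architectures.
SAMPLE_OUTPUT = """\
openssl (none) 0.9.8b 10.el5
openssl (none) 0.9.8b 10.el5
openssh (none) 4.3p2 26.el5
openssh-server (none) 4.3p2 26.el5
openldap (none) 2.3.43 3.el5
"""

# PLACEHOLDER minimums: replace with the fixed versions from your vendor advisory.
REQUIRED: Dict[str, EVR] = {
    "openssl": (0, "0.9.8b", "11"),
    "openssh": (0, "4.3p2", "26"),
    "openssh-server": (0, "4.3p2", "26"),
}


def _is_ver_char(c: str) -> bool:
    return c.isalnum() or c in "~^"


def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 like rpm's rpmvercmp(): numeric segments compare by
    value, alphabetic ones lexically, a numeric segment outranks an alphabetic
    one, '~' marks a pre-release (sorts before the bare version) and '^' sorts
    after the bare version but before any further segment."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # separators (dots, dashes, underscores) carry no meaning
        while i < len(a) and not _is_ver_char(a[i]):
            i += 1
        while j < len(b) and not _is_ver_char(b[j]):
            j += 1
        a_tilde, b_tilde = i < len(a) and a[i] == "~", j < len(b) and b[j] == "~"
        if a_tilde or b_tilde:
            if not a_tilde:
                return 1
            if not b_tilde:
                return -1
            i, j = i + 1, j + 1
            continue
        a_caret, b_caret = i < len(a) and a[i] == "^", j < len(b) and b[j] == "^"
        if a_caret or b_caret:
            if i >= len(a):
                return -1
            if j >= len(b):
                return 1
            if not a_caret:
                return 1
            if not b_caret:
                return -1
            i, j = i + 1, j + 1
            continue
        if i >= len(a) or j >= len(b):
            break
        start_i, start_j = i, j
        numeric = a[i].isdigit()
        pred = str.isdigit if numeric else str.isalpha
        while i < len(a) and pred(a[i]):
            i += 1
        while j < len(b) and pred(b[j]):
            j += 1
        seg_a, seg_b = a[start_i:i], b[start_j:j]
        if not seg_b:
            return 1 if numeric else -1
        if numeric:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def evrcmp(x: EVR, y: EVR) -> int:
    """Compare epoch first, then version, then release."""
    if x[0] != y[0]:
        return 1 if x[0] > y[0] else -1
    return rpmvercmp(x[1], y[1]) or rpmvercmp(x[2], y[2])


def parse_query_output(text: str) -> Dict[str, EVR]:
    """Parse QUERY_FORMAT lines; rpm prints '(none)' for a missing epoch, which it
    treats as 0. For duplicate names the oldest installed copy is kept."""
    packages: Dict[str, EVR] = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        name, epoch, version, release = parts
        evr: EVR = (0 if epoch == "(none)" else int(epoch), version, release)
        if name not in packages or evrcmp(evr, packages[name]) < 0:
            packages[name] = evr
    return packages


def find_outdated(installed: Dict[str, EVR], minimums: Dict[str, EVR]) -> List[str]:
    """Names of installed packages whose EVR is below the required minimum."""
    return sorted(n for n, evr in installed.items()
                  if n in minimums and evrcmp(evr, minimums[n]) < 0)


def installed_packages() -> Dict[str, EVR]:
    """Query the live rpm database when rpm is present, else use the sample."""
    if shutil.which("rpm"):
        out = subprocess.run(["rpm", "-qa", "--queryformat", QUERY_FORMAT, "open*"],
                             capture_output=True, text=True, check=True).stdout
        return parse_query_output(out)
    return parse_query_output(SAMPLE_OUTPUT)


if __name__ == "__main__":
    outdated = find_outdated(installed_packages(), REQUIRED)
    for name in outdated:
        print(f"{name}: below required minimum, update it")
    sys.exit(1 if outdated else 0)
```

Run it on a Red Hat, CentOS or Fedora system and it exits non-zero when any listed package is below the minimum, which makes it suitable as a cron job beside the yum update entry the article recommends. The version check complements, rather than replaces, signature verification: rpm --checksig (rpm -K) on a downloaded package confirms that the signature the article describes is present and matches an imported vendor key.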