pcworld.com — In the Fedora breach, company officials said they had "high confidence" the hackers did not get the "passphrase used to secure the Fedora package signing key." ... In the Red Hat compromise, the intruder was able to sign a small number of OpenSSH packages relating to Red Hat Enterprise Linux 4 [i386, x86_64] and Red Hat Enterprise Linux 5 [x86_64].
Aug 24, 2008
jasoncox Aug 25, 2008
It doesn't matter what OS you run; if you don't lock things down you're gonna get bent over and fraked. I manage my company's DC and we run Windows Server so we obviously make sure things are locked down tight. The thing though is I know enough people who run Linux environments who think that just because it's Linux, turning the Firewall on is all they need to do.
init100 Aug 25, 2008
"If they had any sort of clue about security, it never would have happened." That's just plain wrong. Security is never absolute, and good security practices never completely thwart attacks, they just make them much less probable. And since Red Hat AFAIK hasn't been cracked until now, I'd say their practices are likely pretty good. There might be instances of bad security though, and sometimes it really takes an intrusion to find them. In addition, there are many extremely convoluted security issues. Even if one keeps oneself updated on new security research and practices, there likely is news that is being overlooked that could possibly have an impact.
trogdoor Aug 25, 2008
"Yeah perhaps the base parts that are from Red Hat aren't their stuff, but if they didn't have their own code in there as well it wouldn't be CentOS, it'd just be Red Hat." Please come back when you have even a vague understanding of what CentOS is.
atomic1fire Aug 26, 2008
Even the Titanic sank (of course icebergs might not look like much, but you can't judge the size by what is out of the water; there was probably more ice underwater, which created most of the damage). What matters is taking more steps to prevent the same thing from happening again.
knowltey Aug 27, 2008
I run CentOS. No Linux distribution is perfectly identical to another, they are snowflakes. http://centos.org CentOS is an Enterprise-class Linux Distribution derived from sources freely provided to the public by a prominent North American Enterprise Linux vendor. keyword: derived
fleabomber Aug 27, 2008
It was just a snarky reply, dude. No need to overanalyze it. Hey, I'm snarky too!