lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Fri, 22 Aug 2008 18:41:35 -0400
From: William McAfee <sec-community@...goodhacker.com>
To: Dragos Ruiu <dr@....net>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: Fedora confirms: Our servers were breached

I applaud you, I find your response humorous.  Good play.


On Fri, 2008-08-22 at 13:25 -0700, Dragos Ruiu wrote:
> On 22-Aug-08, at 7:41 AM, Juha-Matti Laurio wrote:
> > New information about the "important infrastructure issue" affecting  
> > to Fedora Project has been released today.
> > Mr. Paul W. Frields, Fedora Project Leader has posted an  
> > announcement about the facts, including:
> > "One of the compromised Fedora servers was a system used for signing  
> > Fedora packages."
> > More information available at
> > https://www.redhat.com/archives/fedora-announce-list/2008-August/msg00012.html
> > and
> > http://blogs.securiteam.com/index.php/archives/1130
> 
> It's ok, only a small number of architectures were affected:
> 
> http://rhn.redhat.com/errata/RHSA-2008-0855.html
> 
> You only have something to worry about if you have some x86 boxes. :-)
> 
> cheers,
> --dr
> 
> --
> World Security Pros. Cutting Edge Training, Tools, and Techniques
> Buenos Aires, Argentina   Sept. 30 / Oct. 1 - 2008    http://ba-con.com.ar
> Tokyo, Japan  November 12/13 2008  http://pacsec.jp
> Vancouver, Canada  March 16-20 2009  http://cansecwest.com
> pgpkey http://dragos.com/ kyxpgp
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ