, SecurityFocus 2008-08-22
Unknown intruders breached the security of several computers used by Linux firm Red Hat and the Fedora Project, forcing administrators to take the systems offline for over a week, Fedora and Red Hat announced on Friday.
Expand all |
Post comment
[...]
"we have high confidence that the intruder was not able to capture the passphrase used to secure the Fedora package signing key,"
so there is probably some misunderstanding here, they probably don't have the password, but may have the key (i wonder how long a bruteforce attack will take :)
btw, why were the keys on an online system? (not an isolated system, no airgap etc). amateur cryptography...
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/articles/11532/35235#35235