Comments on: Fedora servers pwnd http://www.mckeay.net/2008/08/22/fedora-servers-pwnd/ The views of one man on security, privacy and anything else that catches his attention Fri, 12 Mar 2010 18:03:09 +0000 http://wordpress.org/?v=abc hourly 1 By: Spirovski Bozidar http://www.mckeay.net/2008/08/22/fedora-servers-pwnd/comment-page-1/#comment-3226 Spirovski Bozidar Sat, 23 Aug 2008 05:37:03 +0000 http://www.mckeay.net/2008/08/22/fedora-servers-pwnd/#comment-3226 A quote from the announcement: "One of the compromised Fedora servers was a system used for signing Fedora packages." This system has little to do with internet services and should be buried deep in the redhat server infrastructure, behind layers of firewalls and IDS systems, or even offline. Goes to show that even large companies can make a very poor choice on system positioning and security. Spirovski Bozidar http://www.shortinfosec.net A quote from the announcement: “One of the compromised Fedora servers was a system used for signing Fedora packages.”
This system has little to do with internet services and should be buried deep in the redhat server infrastructure, behind layers of firewalls and IDS systems, or even offline.

Goes to show that even large companies can make a very poor choice on system positioning and security.

Spirovski Bozidar
http://www.shortinfosec.net

]]>