Re: [silk] Redhat intrusion
On Wed, Aug 27, 2008 at 10:38:47AM +0530, Srini Ramakrishnan wrote: In case you hadn't seen: http://www.redhat.com/security/data/openssh-blacklist.html How is that remarkable? Compromises of diverse distro depositories happen quite regularly. Now if this was OpenBSD... -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org __ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
Re: [silk] Redhat intrusion
On Wed, Aug 27, 2008 at 8:48 AM, Eugen Leitl [EMAIL PROTECTED] wrote: How is that remarkable? Compromises of diverse distro depositories happen quite regularly. It is remarkable for the fact that there is a sizable base of machines with RH installations of various vintages out there. Now if this was OpenBSD... See above. Thaths -- I saw this in a movie about a bus that had to SPEED around a city, keeping its SPEED over fifty, and if its SPEED dropped, it would explode. I think it was called, 'The Bus That Couldn't Slow Down'. -- Homer J. Simpson
Re: [silk] Redhat intrusion
On Wed, Aug 27, 2008 at 08:54:44AM +0200, Thaths wrote: It is remarkable for the fact that there is a sizable base of machines with RH installations of various vintages out there. So is Debian. So what? Now if this was OpenBSD... See above. People, eat shit, millions of flies can't go wrong.? -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org __ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
Re: [silk] Redhat intrusion
On Wed, Aug 27, 2008 at 2:48 AM, Eugen Leitl [EMAIL PROTECTED] wrote: How is that remarkable? Compromises of diverse distro depositories happen quite regularly. Now if this was OpenBSD... Folks who keep their systems updated using Red Hat Network are not at risk. Atleast Red Hat confirms that. To use the GPG signature key to verify the integrity and authenticity of the scripts please follow the instructions below: * Download the Red Hat Security Response Team public key: wget -c https://www.redhat.com/security/650d5882.txt * Import the Red Hat Security Response Team public key: gpg --import 650d5882.txt * Verify the script signature matches that of the Security Response Team: gpg --verify openssh-blacklist-1.0.sh.asc P.S :: Not speaking for my employer :-) regards -- Ramakrishna Reddy GPG Key ID:31FF0090 Fingerprint = 18D7 3FC1 784B B57F C08F 32B9 4496 B2A1 31FF 0090
Re: [silk] Redhat intrusion
Eugen Leitl [EMAIL PROTECTED] writes: On Wed, Aug 27, 2008 at 10:38:47AM +0530, Srini Ramakrishnan wrote: In case you hadn't seen: http://www.redhat.com/security/data/openssh-blacklist.html How is that remarkable? Compromises of diverse distro depositories happen quite regularly. Now if this was OpenBSD... It happened once to OpenBSD. Perry