Fedora infrastructure hacked – no damage done

The Fedora Project has confirmed that there was an intrusion into its infrastructure on the 22nd, but investigations have shown “no impact on product integrity”. The announcement of the intrusion by Fedora Project Leader, Jared Smith, states that the project became aware of a problem when a contributor received an email from FAS, the Fedora Accounts System, saying his account details had been changed.

The Fedora Infrastructure Team investigated and confirmed the account had been compromised. After locking down systems, snap-shotting file systems and auditing logs it was found that the account, which was only authorised for SSH to fedorapeople.org, push packages into Fedora’s SCM and perform builds of Fedora packages, had only changed the account’s SSH key and logged into fedorapeople.org.

Read more at H-online

Comments are closed.