What happened with Fedora - and Red Hat too

Posted Aug 25, 2008 0:56 UTC (Mon) by jamesh (guest, #1159)
In reply to: What happened with Fedora - and Red Hat too by kripkenstein
Parent article: What happened with Fedora - and Red Hat too

> To me this implies that it wasn't a socially-engineered stealing of
> a password to an account on one of the machines, as this wouldn't
> work for the other - unless a single user has accounts on both, with
> the *same* password (not a good idea in general, but many of us fall
> prey to this sort of thing...).

It isn't uncommon for large organisations to have shared authentication systems distributed via LDAP or similar, so having the same password on multiple boxes is not that surprising.

Also, it isn't uncommon for people to use the same SSH key pair to log into multiple servers, so that is another possible explanation for both RH and Fedora infrastructure being breached in a single attack.


Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.