I disagree that it was mishandled. I believe the press release was a preliminary "we are starting an investigation" type release. In addition because RedHat is a public company they are obligated to call the FBI and report the breach and the FBI likely gagged them on revealing details so they don't become public and compromise the criminal investigation. I would bet at some point in the future after they understand the compromise, and after the FBI has concluded the criminal investigation that the details will come out, but not before then. The FBI is really nasty about people leaking details they don't want public; they have even gone as far as prosecuting people for interfering with an active investigation.
Posted Sep 11, 2008 3:40 UTC (Thu) by vmole (guest, #111)
In addition because RedHat is a public company they are obligated to call the FBI and report the breach...
It would be the SEC, I think, if this were true. But unless you can point at the law or regulation, I don't think it is. Which is not to say that RedHat wouldn't call the FBI, if they had some way of identifying the attacker.
not a troll
Posted Sep 11, 2008 4:12 UTC (Thu) by rahvin (subscriber, #16953)
There is no law that says they must, although they could have government contracts that require it as most Federal government contracts have such clauses and I don't doubt they have contracts with the Federal government. The reason I believe so strongly that they did is that the consequences both with the SEC and stockholders are extreme for not reporting such criminal acts against the company. There are many examples in history of such things not being reported costing companies millions in lawsuits and I wouldn't doubt, although I don't know of one personally, that there is at least one example that cost a company its existence.