Archive for August, 2008

« Older Entries

Red Hat hack prompts critical OpenSSH update

Sunday, August 31st, 2008

Red Hat hack prompts critical OpenSSH update

Red Hat has warned that hackers were able to commandeer its systems and tamper with code – but said that since its content distribution was not hit, it is confident that polluted code has not served up to users.

The first hint that something was wrong came last week when Fedora rebuilt its systems, a reconstruction that was accompanied by extended outages. Red Hat sponsors the Linux distribution. Fortunately Fedora packages weren’t interfered with following the attack, but Red Hat Enterprise Linux packages were touched up by as yet unidentified miscreants.

“Last week Red Hat detected an intrusion on certain of its computer systems and took immediate action,” Red Hat said in a critical security advisory issued on Friday. “While the investigation into the intrusion is ongoing, our initial focus was to review and test the distribution channel we use with our customers.”

While checks on its content distribution networks came back clean, it did turn up some problems.

“An intruder was able to sign a small number of OpenSSH packages relating only to Red Hat Enterprise Linux 4 (i386 and x86_64 architectures only) and Red Hat Enterprise Linux 5 (x86_64 architecture only).

“As a precautionary measure, we are releasing an updated version of these packages, and have published a list of the tampered packages and how to detect them here.”

In a parallel posting to the Fedora announce mailing list early on Friday morning Paul Frields, Fedora project leader, confirmed that an intrusion by computer hackers had prompted the unprecedented rebuild by the Linux distribution, which is sponsored by Red Hat.

“Last week we discovered that some Fedora servers were illegally accessed. The intrusion into the servers was quickly discovered, and the servers were taken offline.

“Security specialists and administrators have been working since then to analyze the intrusion and the extent of the compromise as well as reinstall Fedora systems.”

Among the compromised Fedora servers was a machine used for signing Fedora packages. Following a forensic examination, the Linux distribution is convinced that hackers were not able to capture the passphrase used to secure the Fedora package signing key. “Based on our review to date, the passphrase was not used during the time of the intrusion on the system and the passphrase is not stored on any of the Fedora servers,” Frields writes.

Nonetheless, as a precaution, Fedora has changed its signing key. Access to the key would have potentially allowed hackers to offer up code with built-in backdoors carrying the Fedora hallmark, the risk Red Hat is grappling with in the case of the doctored OpenSSH packages.

Fedora has carried out checks that suggest the integrity of its packages and source code have not been affected by the breach. It said it was simply playing it safe when it advised users to hold off from downloads last week, a piece of advice that stoked speculation that a security breach was behind the then unexplained outage.

Source : theregister.co.uk

Tags: , , , , , ,
Posted in Linux, Red Hat, softwares - news | No Comments »

Intruders disrupt Fedora, Red Hat

Sunday, August 31st, 2008

Intruders disrupt Fedora, Red Hat

Some of Fedora’s servers were “accessed illegally” last week but, the Fedora team said in an email today, the intrusion “was quickly discovered, and the servers were taken offline”.

“Security specialists and administrators have been working since then to analyze the intrusion and the extent of the compromise as well as reinstall Fedora systems,” the team said in its infrastructure report today.

One of the compromised Fedora servers was a system used for signing Fedora packages which has raised concern over the security of packages. The Fedora team says that while they have “high confidence” that the intruder was not able to capture the passphrase used to secure the Fedora package signing key it has decided to convert to new signing keys.

“Based on our review to date, the passphrase was not used during the time of the intrusion on the system and the passphrase is not stored on any of the Fedora servers.

“While there is no definitive evidence that the Fedora key has been compromised, because Fedora packages are distributed via multiple third-party mirrors and repositories, we have decided to convert to new Fedora signing keys,” the team said.

Red Hat

Fedora sponsor, Red Hat, also detected unusual activity during this period and has issued updated OpenSSH packages for its Enterprise Linux users.

The company says that it remains “highly confident that our systems and processes prevented the intrusion from compromising RHN or the content distributed via RHN and accordingly believe that customers who keep their systems updated using Red Hat Network are not at risk”.

Source : tectonic.co.za

Tags: , , , , , ,
Posted in Linux, Red Hat, softwares - news | No Comments »

Linux Popularity Across the Globe

Sunday, August 31st, 2008

Linux Popularity Across the Globe

moleskine
Member since:
2005-11-05
Fans: 5

There are some acute comments below the article itself, pointing out that it’s so hard to get accurate data that these results shouldn’t really be seen as more than very broad brush. It’s safe to say that more people use Linux in Cuba than they do on the Greenland ice shelf, but if you become too granular about what and where then the facts are increasingly dubious. In addition, the article only looks at Western-sourced distros. What about local ones of the Red Flag Linux kind? Knowing a bit more about them might help to explain the figures.

In a comment that caught my eye, one person suggested that part of Red Hat’s success in some parts of the world may be down to their certification and qualification programs. In other words, in some countries folks see Red Hat as a way to get yourself a qualification and pull yourself up in the world. That is a very interesting and powerful idea, and a way for other distros like Ubuntu to give themselves an edge.

Plenty of ironies here, anyway. Utah’s products are most popular among former commie countries. Red Hat is more popular outside the US than inside it. Ubuntu’s stronghold appears to be in Italy and not anywhere in Africa. Debian is very popular in Cuba but I wonder how many Cubans Debian has on the roll as devs.

Source : newmobilecomputing.com

Tags: , , , , ,
Posted in Linux, Red Hat | No Comments »

Find In Tabs Searches Text Across All Your Firefox Tabs

Sunday, August 31st, 2008

Find In Tabs Searches Text Across All Your Firefox Tabs

Firefox only (Windows/Mac/Linux): Firefox extension Find In Tabs searches for text across all of your open Firefox tabs. It does so by adding a Find in Tabs button to the find bar that switches from the normal single-page search to a multi-tab search. When you search with Find In Tabs enabled, it provides as-you-type results with context and tab number. This one could come in handy if you’re doing some heavy multi-tabbed research and you need to find something you had read but don’t remember which page you saw it in, but what’s coolest about Find In Tabs has little to do with the multi-tab search.

The best part is the highlighting and context Find In Tabs provides in the search results, which is a killer feature when you’re searching for text in large web pages. Rather than skipping through all the matches with the Next/Previous buttons, to see the text surrounding the match, you get a great heads-up of all the matches and their surrounding context. Find In Tabs is free, works wherever Firefox does.

Source : lifehacker.com

Tags: , , , , , , ,
Posted in Firefox, Web Browsers, softwares - news | No Comments »

The Best Firefox Extensions: How Useful Are They?

Sunday, August 31st, 2008

The Best Firefox Extensions: How Useful Are They?

Firefox team has announced the winners in the Extend Firefox 3 contest for Firefox extensions and add-ons. Let’s take a look at the winners and see what the experts recruited think are the tools we are supposed to benefit the most of using with our dearest Firefox browsers.

Over 100 various extensions have been submitted by the developers since the contest was launched in March. 3 add-ons were named winners in the best new add-on category with 6 more runners-up. Additionally 3 best updated add-ons have been chosen and the best music addon as well (one only). The developers of the best add-ons will be rewarded with prizes, including MacBook Air and Macbook Pro laptops and trips to the Mozilla Developer Day of their choice.

Here are the allegedly best Firefox add-ons along with the brief descriptions of what you should expect them to do after installation. First the best new add-ons:

Pencil

Pencil allows everyone to create graphic interfaces and diagrams right within Firefox.

Tagmarks

This one is intended to help you better organize and access your bookmarks in Firefox. It adds a number of icons and associates these icons with the tags that you use for the bookmarked pages. So when you need to access some of the bookmarked pages marked with a certain tag you will simply need to click the icon associated with this particular tag.

HandyTag

This is another tool to help you manage Firefox bookmarks. HandyTag retrieves relevant keywords from various sources (including your own existing tags, meta-tags of the bookmarked pages, delicious tags for these bookmarked pages) and allows a user to apply them to bookmarks as tags.

The winners in the best updated add-ons category are:

Read It Later

This one is quite a popular add-on already that allows users to save certain pages to read later (online or offline) separately from your main bookmarks that you actually want to keep forever.

TagSifter

Another add-on dealing with tags for your bookmarks. This one allows you to easier browse your bookmarks based on tags. TagSifter must have received the prize because it addresses an important problem of Firefox shifting to tag-based bookmarking from the traditional folders without providing tools to tag your existing bookmarks. And since TagSifter actually provides functionality to do just that, it must be very useful for all the users that want all their bookmarks (including those created before the upgrade to version 3) properly tagged.

Bookmark Previews

This add-on does exactly what it promises to do in the name: adds previews for your bookmarks and offers both an album view and thumbnail view for the bookmarks in the Library.

And the best music add-on is Fire.fm, a tool for quick direct access to Last.fm music library and functionality.

And while I don’t see any of my favorite add-ons in the list of winners (and I tend to believe I am not the only one like that) Gina Trapani (who was on the panel of judges for this year’s contest) explains that “this is the Extend Firefox 3 contest. Therefore, you’ll notice the winners’ entries primarily involve new Firefox 3-specific features, like bookmark tags and web page preview capabilities.”

So it looks very much to me that Firefox team has very much encouraged those add-ons that deal with the new features of Firefox that seem to lack in functionality as they are. I believe now that they are announced to be the best Firefox add-ons, they will dramatically increase the number of installs they get but unfortunately I don’t see them becoming actually the most useful Firefox tools for the end user.

Source : profy.com

Tags: , , , , , ,
Posted in Firefox, Web Browsers, softwares - news | No Comments »

« Older Entries