Fedora and Red Hat servers broken into

Several of the servers used by the Fedora project were broken into, including one used for the signing of packages for automatic updates of end users’ systems. Fortunately, it appears that attempts by the intruder to break the key phrase used for signing has not been successful, which would have allowed the attackers to introduce malicious software via the update process. As a precautionary measure though, the Fedora team have started signing all packages with a new key.

Red Hat also suffered a smaller scale intrusion into its servers, where the intruder managed to sign a small number of OpenSSH packages for RedHat Enterprise Server. Update packages have now been provided, as well as a script for users to test if they were affected. The Fedora Project manages both the development and distribution of Red Hat’s free version of the Linux operating system.

As corporations grow increasingly comfortable with the use of open source in the enterprise, it is inevitable that core infrastructure used for maintaining these systems will come under increasing attacks. Enterprises should factor in potential security breaches on such fronts as part of their security risk evaluation.

You can read more about the security breach here.

Opera 9.52 update fixes number of security holes

The latest revision to the Opera Web browser – version 9.52, fixes a number of security holes. At least two of them could be exploited for malicious purpose.

Excerpt from heise Security:

This includes an issue on Windows when Opera is registered as a protocol handler for an unspecified protocol, Opera would crash allowing for code injection, and an issue where external applications started from custom short cuts or menus, could have start-up parameters written into uninitialised memory. The latter issue requires significant user interaction to execute an attack, but worked on Windows, Linux, FreeBSD and Solaris.

A number of other security issues were also addressed, as well as fixes to increase the stability of the browser. Users are recommended to install this update, available for all platforms.

You can read the Windows Changelog of Opera 9.52. here.

Vulnerability reported in Tomcat

A directory traversal vulnerability has been discovered in Apache Tomcat which could be exploited for directory traversal by a remote attacker. The result is that access to arbitrary files on the server could be gained. Tomcat is a Web server designed to implement Java Servlets and Java Server Pages (JSP).

According to US-CERT, this vulnerability affects versions 4.1.0-4.1.37, 5.5.0-5.5.26, and 6.0.0-6.0.16. Patches that addresses the vulnerability can be found in Apache Tomcat 4.1.38, 5.5.27, and 6.0.18

Administrators are encouraged to patch as exploit code for this vulnerability has been spotted in the wild.

You can read the US-CERT vulnerability note here.

The security risks of SSDs

Network World has a report where security experts warn that Solid State Drives, or SSDs, are not as secure as commonly believed to be. The reason has to do with the fact that SSDs, like traditional hard disks, do not completely erase data.

Indeed, wear-levelling algorithms designed to prolong the usable life of SSDs directly contributes as multiple copies of data could end up scattered over the SSD as modifications are made to files. The risk is heightened by mistaken notions on the security of various authentication mechanisms. However, it is relatively trivial to disassemble an SSD or storage device to directly access the NAND memory chips.

Jim Handy, director of a semiconductor research and consulting firm noted in Network World that:

A hacker could easily unsolder NAND chips from an SSD and read the data using a flash chip programmer. Once the data is read, the files could be reassembled using data recovery software, Handy said. “There’s really nothing sophisticated about this process,” he said.

To enhance te security of SSDs, one solution would be to integrate encryption keys inside the SSD controller device at the hardware level. Data stored in the NAND would be encrypted, rendering them more immune to physical attacks.

Feel free to to discuss the various security events here.