Fedora Infrastructure Compromised 115
Trailrunner7 writes "The infrastructure of the Fedora Project was compromised over the weekend and an account belonging to a Fedora contributor was taken over by an attacker. However, Fedora officials said they don't believe that the attacker was able to push any changes to the Fedora package system or make any actual changes to the infrastructure. The attack appears to have targeted one specific user account, which had some high-value privileges. The attacker was able to compromise the account externally, and then had the ability to connect remotely to some Fedora systems. The attacker also changed the account's SSH key, Fedora officials said."
Re:Yay, Open Source! (Score:2, Interesting)
Actually, even Microsoft employees working remotely have to jump through so many hoops for a flaky VPN connection that there is no way anyone could get in for long enough to do significant damages. A Microsoft employee recruiting in colleges on the East coast showed me their system. You can't use a standard VPN client - even the built-in Windows one. It uses SmartCards and multiple passwords for authentication and disconnects if the card even shifts a bit in the card reader.
It would probably be easier to steal a physical device than to get into their network from outside a Microsoft office.