Sent to you by wasc-whid via Google Reader: WHID 2011-21: Fedora servers breached after external compromise via Default WHID View on 1/25/11 Entry Title: WHID 2011-21: Fedora servers breached after external compromise WHID ID: 2011-21 Date Occurred: January 22, 2011 Attack Method: Brute Force Application Weakness: Insufficient Authentication Outcome: Session Hijacking Attacked Entity Field: Technology Attacked Entity Geography: Incident Description: On January 22, 2011 a Fedora contributor received an email from the Fedora Accounts System indicating that his account details had been changed. He contacted the Fedora Infrastructure Team indicating that he had received the email, but had not made changes to his FAS account. The Infrastructure Team immediately began investigating, and confirmed that the account had indeed been compromised. Mass Attack: No Reference: http://www.theregister.co.uk/2011/01/25/fedora_server_compromised/ Attack Source Geography: Things you can do from here: - Subscribe to Default WHID View using Google Reader - Get started using Google Reader to easily keep up with all your favorite sites