Article

Red Hat hit by phishing scam

Jack Loftus, News Writer

Red Hat Inc. sent users a warning today about a fake e-mail that asked users to install a patch for a vulnerability in fileutils (ls and mkidir). The patch was actually a file that could allow a remote attacker to execute arbitrary code with root privileges in some Red Hat Linux distributions.

The attack arrived in the form of phishing scam from the fake e-mail address "security@redhat.com" and was first spotted late Friday. The heading of the e-mail read "Red Hat: Buffer Overflow in 'ls' and mk'dir'" and contained instructions on how to install a patch that Red Hat said may contain malicious code.

Red Hat said its official security messages are never unsolicited, are only sent from secalert@redhat.com and are digitally signed using GNU Privacy Guard keys.

Pete Lindstrom, an analyst at Malvern, Penn.-based Spire Security, said no individual vulnerability is a big deal in and of itself.

"Ultimately these things are found at the pace of 10 a day, some are more of a sign than others," he said. "What matters is if someone picks up on it and writes an exploit and allows folks to compromise [the application]."

Lindstrom said that these vulnerabilities are what security analysts and antivirus companies are always looking out for, and that the "bottom line is every piece of software is vulnerable."

"The fact that Microsoft is alone is silly and the idea that open source can be compromised is only recently being popularly

Requires Free Membership to View

recognized," he said. "If enough people focus on a particular problem they are going to come up with a vulnerability.

"That's true for all software whether it is packaged or open source, Microsoft or not," Lindstrom said.

that's true for all software whether it is packaged or open source, Microsoft or not

Let us know what you think about the story; e-mail: Jack Loftus, News Writer


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: