[ISN] Web host breach may have exposed passwords for 6,000 clients

From: InfoSec News (alerts@private)
Date: Wed Sep 19 2007 - 23:02:51 PDT


http://www.theregister.co.uk/2007/09/19/layered_technologies_breach_disclosure/

By Dan Goodin in San Francisco
19th September 2007

Layered Technologies has been targeted by malicious hackers who may have 
stolen passwords and other personal details on as many as 6,000 of its 
clients, the Texas-based web host provider warned. It is advising 
customers to change login credentials for all host details submitted in 
the past two years.

The Monday evening breach was executed by attacking an off-the-shelf 
application integrated into the company's support desk that manages help 
tickets submitted by customers, according to Layered Technologies 
President Todd Abrams. It remains unclear if the intruders actually took 
the information, but the attack had the potential to expose names, 
addresses, phone numbers, email addresses and server login details for 
five to 6,000 clients.

"Based on the log entries I'd say it's very unlikely they took a copy of 
the database," Abrams said. "It's not like a two-second download." He 
said the company wanted to err on the side of caution by asking all 
customers to change all passwords.

Payment details are stored in a separate system, so credit card 
credentials were not exposed unless a customer had opened a help ticket 
and included them in it, according to Abrams. Similarly, scanned IDs 
that some customers are required to submit when renting a server were 
also not routinely stored in the help-desk system, he said.

The perpetrators accessed the database by attacking an application known 
as Cerberus. According to this page on Secunia, at least 11 
vulnerabilities have been documented in various Cerberus tools, only one 
of which carried a "highly critical" severity rating. It was unclear 
what version of Cerberus Layered Technologies uses.

(In Greek Mythology, Cerberus is the three-headed dog who stood guard 
over Hades. So why would marketers name a support desk app after a 
vicious canine responsible for tormenting damned souls trying to escape 
their frigid confines?)

The attack on Layered is part of a growing trend in cybercrime in which 
hackers target a single web host rather than the thousands of individual 
sites that rely on it for service. In May, Brinkster.com required 
customers to change their login credentials after discovering many of 
them may have been compromised. Other hosts who have been penetrated 
include PlusNet and IPOWER.

Layered Technologies claims to be "one of the five largest global 
providers of on-demand hosting and utility computing solutions" and 
provides dedicated and managed server hosting services to small and 
medium-sized businesses. The company has "launched a series of 
initiatives to enhance and to protect," some of which are being 
implemented immediately, it said without elaborating.

