[ISN] Breaching Fort Apache.org - What went wrong?

From: InfoSec News <alerts_at_private>
Date: Fri, 4 Sep 2009 04:03:42 -0500 (CDT)
http://www.theregister.co.uk/2009/09/03/apache_website_breach_postmortem/

By Dan Goodin in San Francisco 
The Register
3rd September 2009 

Administrators at the Apache Software Foundation have pledged to 
restrict the use of Secure Shell keys for accessing servers over their 
network following a security breach on Monday that briefly forced the 
closure of the popular open-source website.

In a detailed postmortem describing how hackers penetrated several 
heavily fortified machines, site admins identified their use of SSH keys 
as one of the flaws that made the attack possible. They went on to lay 
out concrete ways they plan to fix the problems, which also included 
faulty procedures for backing up data and methods for providing 
geographically localized servers for downloads.

"At no time were any Apache Software Foundation code repositories, 
downloads, or users put at risk by this intrusion," they wrote. 
"However, we believe that providing a detailed account of what happened 
will make the internet a better place, by allowing others to learn from 
our mistakes."

The hack started with the compromise of apachecon.com, a website that's 
owned by the ApacheCon conference production company. Although logs 
confirming the exact cause were destroyed, investigators suspect it was 
the exploit of one or more local root vulnerabilities in the Linux 
kernel for which Red Hat issued a patch seven days earlier but had not 
yet been installed. They then used the SSH key for a backup account to 
access the server that runs people.apache.org.

[...]


Received on Fri Sep 04 2009 - 02:03:42 PDT
