and what about that breach?

Story: OpenSSL site defacement involving hypervisor hack rattles nerves (updated)Total Replies: 2
Author Content

Jan 04, 2014
1:54 PM EDT
So OpenSSL uses a shared hosting service, and still hasn't released their promised report of the breach that took the whole works down for over a month. Not very reassuring.

Jan 04, 2014
5:46 PM EDT
Well, a defaced website caused by weak passwords has nothing to do with the underlying git code.

People hack into websites all the time.

Jan 04, 2014
6:09 PM EDT

Quoting: The OpenSSL server is a virtual server which shares a hypervisor with other customers of the same ISP. Our investigation found that the attack was made through insecure passwords at the hosting provider, leading to control of the hypervisor management console, which then was used to manipulate our virtual server.

The source repositories were audited and they were not affected.

Sure, and what other holes is the host leaving open?

Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]

Becoming a member of LXer is easy and free. Join Us!