
August 28th, 2009

Apache.org hit by SSH key compromise

Posted by Ryan Naraine @ 8:13 am

Categories: Anti Virus, Arbitrary Code Execution, Browsers, Complex Attacks, Data theft, Denial of Service (DoS), Digital rights management, Exploit code, Hackers, Locally Running Web Servers, Open source, Passwords, Patch Watch, Uncategorized

Tags: SSH, Apache Software Foundation, Open Source, Ryan Naraine

The open-source Apache Software Foundation pulled its Apache.org Web site offline for about three hours today because of a server hack caused by a compromised SSH key.

A brief message posted on the site (see image below) made it clear the compromise was “not due to any software exploits in Apache itself”, but was actually caused by a compromised SSH key.

The group did not say which Apache software servers were affected.

UPDATE: An initial report from Apache is now available.

* Screenshot via The H Security. More at Threatpost.com.

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.



  • Talkback
  • Most Recent of 9 Talkback(s)
Why allow keys for backup to come inbound??
I understand the need to use SSH for off-site backup on occasion, but in
addition to bjbrock's point (which it sounds like there was not a password)
why would keys used to copy OUT a backup be...
Posted by: Chester Wisniewski - Sophos. Posted on: 08/31/09
SSH Key password  bjbrock | 08/28/09
Why allow keys for backup to come inbound??  Chester Wisniewski - Sophos | 08/31/09
I'm wondering if this is a fallout from the Debian OpenSSH fiasco  honeymonster | 08/28/09
You give Apache far too much credit  LiquidLearner | 08/28/09
Actually...  storm14k | 08/29/09
I'm not discounting  LiquidLearner | 08/29/09
Its still more damaging to them...  storm14k | 08/31/09
RE: Apache.org hit by SSH key compromise  nigebj | 08/31/09
ssh over public internet  davidr69 | 08/31/09
