AOH :: ISNQ5370.HTM

Breaching Fort Apache.org - What went wrong?

Breaching Fort Apache.org - What went wrong?
Breaching Fort Apache.org - What went wrong?


http://www.theregister.co.uk/2009/09/03/apache_website_breach_postmortem/ 

By Dan Goodin in San Francisco 
The Register
3rd September 2009 

Administrators at the Apache Software Foundation have pledged to 
restrict the use of Secure Shell keys for accessing servers over their 
network following a security breach on Monday that briefly forced the 
closure the popular open-source website.

In an detailed postmortem describing how hackers penetrated several 
heavily fortified machines, site admins identified their use of SSH keys 
as one of the flaws that made the attack possible. They went on to lay 
out concrete ways they plan to fix the problems, which also included 
faulty procedures for backing up data and methods for providing 
geographically localized servers for downloads.

"At no time were any Apache Software Foundation code repositories, 
downloads, or users put at risk by this intrusion," they wrote here. 
"However, we believe that providing a detailed account of what happened 
will make the internet a better place, by allowing others to learn from 
our mistakes."

The hack started with the compromise of apachecon.com, a website that's 
owned by the ApacheCon conference production company. Although logs 
confirming the exact cause were destroyed, investigators suspect it was 
the exploit of one or more local root vulnerabilities in the Linux 
kernel for which Red Hat issued a patch seven days earlier but had not 
yet been installed. They then used the SSH key for a backup account to 
access the server that runs people.apache.org.

[...]


________________________________________
Subscribe to InfoSec News
http://www.infosecnews.org

Site design & layout copyright © 1986- CodeGods