Your Daily Source for Apache News and Information  
Breaking News Preferences Contribute Triggers Link Us Search About
SecurityPortal: A Matter of Trust: How Apache.org Was Compromised
(Jun 6th, 19:52:16 )

Kurt Seifried discusses how Apache.org was compromised, offering that part of a growing problem we face in computer security is trust: "The SSH protocol is used to secure these connections with strong encryption, which provides a tunnel between the two communicating machines. Furthermore, it is assumed that the end developer's machine is secure, and that there are no keystroke loggers running, or items like KeyGhost hooked up to the machine. Herein lies a problem. More and more people are using machines that are not always secure or should not be considered "trusted."

"The number of publicly available terminals in libraries, educational computer labs, cafe's and other places has exploded in the last few years. The vast majority of these machines are not very well secured, ranging from Linux machines in a private cubicle (where LILO was not locked down) to windows machines that will cheerfully boot from a floppy disk.

While breaking into these systems and logging passwords is probably not going to help you break into a specific site, if you throw out a large enough net you will catch something of interest eventually. This is especially true for more populous systems such as ISP shell servers and university servers (which are notorious for being poorly secured). Once you have a shell account on a system it becomes much easier to exploit any security flaws, local or remote."

Complete Story

Related Stories:
Apache Software Foundation Server compromised, resecured.(May 31, 2001)


Printed from Apache Today (https://apachetoday.com).
https://apachetoday.com//news_story.php3?ltsn=2001-06-06-001-12-SC

About Triggers Media Kit Security Triggers Login


All times are recorded in UTC.
Linux is a trademark of Linus Torvalds.
Powered by Linux 2.4, Apache 1.3, and PHP 4
Copyright 2002 INT Media Group, Incorporated All Rights Reserved.
Legal Notices,  Licensing, Reprints, & Permissions,  Privacy Policy.
http://www.internet.com/