How did OpenSSL's home page get defaced?

Summary: They got hacked through the hypervisor, but it's not the hypervisor's fault. Blame their hosting service.

Several days ago, the home page for OpenSSL, the cryptography library used by almost everyone who isn't Microsoft, was hacked and replaced with this:

[Image: the defaced OpenSSL home page]

The extent of the attack was just what you see: the home page was defaced. Nothing else on the site was modified. Even so, how could such a security-conscious organization be so victimized?

OpenSSL has done their post-mortem and the report is in:

    The OpenSSL server is a virtual server which shares a hypervisor with other customers of the same ISP. Our investigation found that the attack was made through insecure passwords at the hosting provider, leading to control of the hypervisor management console, which then was used to manipulate our virtual server.

Sounds like their hosting provider has reason to be embarrassed. That would be Indit Hosting of Sweden. Just to be clear, in case it's not clear from the description: no software vulnerability was exploited in the attack. Indit Hosting simply didn't follow best practice for passwords, and a weak password on the hypervisor management console was enough to reach the virtual server.

Does your hosting service use strong passwords? It might be worth asking.

Topics: Security

About

Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of sec...
