How did OpenSSL's home page get defaced?

How did OpenSSL's home page get defaced?

Summary: They got hacked through the hypervisor, but it's not the hypervisor's fault. Blame their hosting service.

SHARE:
TOPICS: Security
4

Several days ago, the home page for OpenSSL, the cryptography library used by almost everyone who isn't Microsoft, was hacked and replaced with this:

openssl-defaced

The extent of the attack was just what you see: the home page was defaced. Nothing else on the site was modified. Even so, how could such a security-conscious organization be so victimized?

OpenSSL has done their post-mortem and the report is in:

    The OpenSSL server is a virtual server which shares a hypervisor with other customers of the same ISP. Our investigation found that the attack was made through insecure passwords at the hosting provider, leading to control of the hypervisor management console, which then was used to manipulate our virtual server.

Sounds like their hosting provider has reason to be embarrassed. That would be Indit Hosting of Sweden. Just to be clear, in case it's not clear from the description: there was no vulnerability exploited in the attack. Indit Hosting simply didn't follow best practice for passwords.

Does your hosting service use strong passwords? It might be worth asking.

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

4 comments
Log in or register to join the discussion
  • Are you Kidding SSL Is Wide Open!

    My EMAIL to OpenSSL is below
    ---

    Welcome to the OpenSSL Project

    The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)

    Check the SSL link could the Netscape website be right?

    Can't find what I'm looking for!

    LRK

    PS.
    While making this email I checked my info and found the link replaced with official link! Here's my History file

    http://img89.imageshack.us/img89/391/b6g3.png

    Notice AOL link when I clicked the Secure Sockets Layer (SSL v2/v3) link on your site!
    Your being hacked live in real time!
    Larwrence Kaufhold
    • @Larwrence

      Checked both Secure Sockets Layer and Transport Layer Security links .

      Both go to - https://www.openssl.org/related/ssl.html

      SSL/TLS
      These are references to the Secure Sockets Layer (SSL) and Transfer Layer Security (TLS) protocols.
      RickLively
      • That's the Point of subversion!

        I checked and you checked the addresses. They were correct the second time around! But not the first time I clicked on them. They were modified and replaced with valid links!. Check all links on your website!
        Larwrence Kaufhold
  • but but OPEN !!!

    many eyes, cant be hacked, OPEN !!!!! oh wait....
    Aussie_Troll