Apache.org hit by SSH key compromise

By Ryan Naraine for Zero Day | August 28, 2009 -- 08:13 GMT (01:13 PDT) | Topic: Open Source

The open-source Apache Software Foundation pulled its Apache.org Web site offline for about three hours today because of server hack caused by a compromised SSH key.

A brief message posted on the site (see image below) made it clear the compromise was "not due to any software exploits in Apache itself", but was actually caused by a compromised SSH key.

The group did not say which Apache software servers were affected. UPDATE: An initial report from Apache is now available.

* Screenshot via The H Security. More at Threatpost.com.

Join Discussion

Add Your Comment

More from Ryan Naraine

Security

Browser vendors block 'active attacks' using fraudulent digital cert
Security

10 security stories that shaped 2012
Security

Adobe code signing infrastructure hacked by 'sophisticated threat actors'
Security

Microsoft to ship emergency IE patch to thwart active attacks

Please review our terms of service to complete your newsletter subscription.

By registering, you agree to the Terms of Use and acknowledge the data practices outlined in the Privacy Policy.

You will also receive a complimentary subscription to the ZDNet's Tech Update Today and ZDNet Announcement newsletters. You may unsubscribe from these newsletters at any time.

You agree to receive updates, alerts, and promotions from the CBS family of companies - including ZDNet’s Tech Update Today and ZDNet Announcement newsletters. You may unsubscribe at any time.

By signing up, you agree to receive the selected newsletter(s) which you may unsubscribe from at any time. You also agree to the Terms of Use and acknowledge the data collection and usage practices outlined in our Privacy Policy.

Newsletters

See All

Related Topics:

Join Discussion

More from Ryan Naraine

Newsletters

Related Stories