No hypervisor vulnerability exploited in OpenSSL site breach

ID: IRCNE2014012058
Date: 2013-01-04

According to "techworld", the OpenSSL Project confirmed that weak passwords used on the hosting infrastructure led to the compromise of its website, dispelling concerns that attackers might have exploited a vulnerability in virtualization software.
The home page of www.openssl.org, the official site of the OpenSSL Project, was defaced Sunday to display a message from a group of hackers called TurkGuvenligi.
The incident caused concern among security experts because OpenSSL is a very popular cryptographic library that's used to implement secure communications in a wide variety of software products, from Web servers to mobile apps.
On Jan. 1, the OpenSSL Project published some preliminary findings following an initial investigation into the compromise and said that the integrity of the OpenSSL source code had not been affected.
However, the preliminary report sparked new concerns because it also said the attack happened through the hypervisor of the hosting environment.
The OpenSSL Project updated its report Friday to clarify that the attack was not the result of a vulnerability in the hypervisor itself, but of the hosting provider using insecure passwords.
Indit Hosting did not immediately respond to a request for comment, but the OpenSSL Project said that steps were taken to protect against this type of attack in the future.
