Apache.org hack



On the morning of Friday, August 28, a compromised SSH key enabled attackers to deploy a rootkit and upload files to one of the Apache Foundation servers; the files were then synced to a production server.

A blog post from the Apache Foundation explained that attackers accessed an account at a hosting provider:

“To the best of our knowledge at this time, no end users were affected by this incident, and the attackers were not able to escalate their privileges on any machines. While we have no evidence that downloads were affected, users are always advised to check digital signatures where provided,” the staff wrote. “The attackers created several files in the directory containing files for www.apache.org, including several CGI scripts. These files were then rsynced to our production webservers by automated processes. At about 07:00 on August 28 2009 the attackers accessed these CGI scripts over HTTP, which spawned processes on our production web services.”

Last year, we heard that SSH keys generated on certain versions of Debian and Ubuntu were considered compromised because of a highly predictable random number generator.

Considering that apache.org serves up the most popular Web server on the planet for both Windows and Linux, it’s a significant event. Because the software is Open Source, it’s not an issue of confidentiality but an issue of software integrity, which is easy enough to ensure by reloading fresh copies, from the SVN, of the files that were uploaded.
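The integrity check described above, as an added example (not code from the original post or from the Apache Foundation): it hashes a trusted checkout and a deployed web root, then reports files that were added, removed or changed. The directory names, file names and contents in `demo()` are constructed for illustration.

```python
import hashlib
import os
import tempfile

def tree_digests(root):
    """Map each file path (relative to root, '/'-separated) to a SHA-256 digest."""
    digests = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".svn"]  # skip working-copy metadata
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if os.path.islink(path):  # record the link target, never follow it
                digests[rel] = "symlink:" + os.readlink(path)
                continue
            h = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[rel] = h.hexdigest()
    return digests

def compare_trees(trusted_root, deployed_root):
    """Report files added to, missing from, or modified in the deployed tree."""
    trusted, deployed = tree_digests(trusted_root), tree_digests(deployed_root)
    common = trusted.keys() & deployed.keys()
    return {
        "added": sorted(deployed.keys() - trusted.keys()),
        "missing": sorted(trusted.keys() - deployed.keys()),
        "modified": sorted(p for p in common if trusted[p] != deployed[p]),
    }

def write_tree(root, files):
    """Helper for the demo: write a {relative path: bytes} mapping under root."""
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

def demo():
    """Constructed sample trees: a clean checkout and a docroot with two changes."""
    clean = {"index.html": b"<h1>home</h1>", "dist/KEYS": b"constructed sample"}
    with tempfile.TemporaryDirectory() as tmp:
        checkout, docroot = os.path.join(tmp, "checkout"), os.path.join(tmp, "docroot")
        write_tree(checkout, clean)
        write_tree(docroot, {**clean, "index.html": b"<h1>changed</h1>",
                             "cgi-bin/status.cgi": b"#!/bin/sh\n"})
        return compare_trees(checkout, docroot)
```

Anything listed under `added` or `modified` is a file the trusted checkout does not account for; the comparison is only as trustworthy as the checkout, so it should be a fresh one made on a machine other than the server being checked.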

First noted on F-Secure
