Friday, August 28, 2009

SSH key compromise shuts down Apache website

Here's the full article:

http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1366479,00.html?track=sy160

When the US servers got hacked, they had to switch all traffic to the EU mirrors. They didn't know how the hacker got the key to start with. This is a good example of what happens with symmetric key encryption when the key is compromised. "TOO MANY SECRETS" (from Sneakers).

2 comments:

  1. The blog mentioned in your article says:

    On August 27th, starting at about 18:00 UTC an account used for automated backups for the ApacheCon website hosted on a 3rd party hosting provider was used to upload files to minotaur.apache.org. The account was accessed using SSH key authentication from this host.

    http://blogs.apache.org/infra/entry/apache_org_downtime_initial_report

    Sounds like an inside job?

    Apache announced the problem and the steps they were taking to deal with it. This is the responsible way to go.

    I think the SSH key was compromised by theft, not encryption failure.

  2. I definitely agree that it had to be theft from inside. It was interesting that they made it a point to clarify that the security failed and not the software.
