apache.org compromised
apache.org was down this morning and reports are that one of their servers has been compromised due to an SSH key being exposed. The SSH key was used by an account to perform backups. No vulnerabilities in apache or ssh software was used in this attack. When the incident was identified apache cut access to all of their services as a containment measure. Their web sites are now back online. An overview of the incident can be read here:
http://blogs.apache.org/infra/entry/apache_org_downtime_initial_report
Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.
WPA with TKIP done
In a paper titled "A Practical Message Falsification Attack on WPA" researchers in Japan describe how to perform the Beck-Tews style attack against any WPA-TKIP implementation, in under a minute. The paper and upcoming presentation have already been covered in the mainstream media. Thanks to all who wrote in.
If your hardware supports it, time to consider moving to WPA with AES or WPA2.
Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.
Comments