Apache Module Registry |
The Apache FAQ |
The Jakarta Project |
Apache-Perl Integration Project |
Apache XML Project |
The Java Apache Project |
Apache Project |
PHP Server Side Scripting |
The Apache Software Foundation |
ApacheCon |
Apache-Related Projects |
|
Linux Apps |
BSD Today |
Apache Today
|
Linux Today |
Linuxnewbie.org |
All Linux Devices |
Linux Start |
BSD Central |
Just Linux |
Linux Planet |
Linux Programming |
PHPBuilder |
Linux Central |
Enterprise Linux Today |
SITE DESCRIPTIONS |
|
|
SecurityPortal: A Matter of Trust: How Apache.org Was Compromised
Jun 6, 2001, 19 :52 UTC (0 Talkback[s]) (2331 reads) (Other stories by Kurt Seifried)
|
Kurt Seifried discusses how Apache.org was compromised, offering that part of a growing problem we face in computer security is trust: "The SSH protocol is used to secure these connections with strong encryption, which provides a tunnel between the two communicating machines. Furthermore, it is assumed that the end developer's machine is secure, and that there are no keystroke loggers running, or items like KeyGhost hooked up to the machine. Herein lies a problem. More and more people are using machines that are not always secure or should not be considered "trusted."
"The number of publicly available terminals in libraries, educational computer labs, cafe's and other places has exploded in the last few years. The vast majority of these machines are not very well secured, ranging from Linux machines in a private cubicle (where LILO was not locked down) to windows machines that will cheerfully boot from a floppy disk.
While breaking into these systems and logging passwords is probably not going to help you break into a specific site, if you throw out a large enough net you will catch something of interest eventually. This is especially true for more populous systems such as ISP shell servers and university servers (which are notorious for being poorly secured). Once you have a shell account on a system it becomes much easier to exploit any security flaws, local or remote."
Complete Story
Related Stories:
Apache Software Foundation Server compromised, resecured.(May 31, 2001)
|
|