OpenSSL site defacement involving hypervisor hack rattles nerves (updated)

[JMH]

The official website for the widely used OpenSSL code library was compromised four days ago in an incident that is stoking concerns among some security professionals.

Code repositories remained untouched in the December 29 hack, and the only outward sign of a breach was a defacement left on the OpenSSL.org home page. The compromise is nonetheless rattling some nerves. In a brief advisory last updated on New Year's Day, officials said "the attack was made via hypervisor through the hosting provider and not via any vulnerability in the OS configuration." The lack of additional details raised the question of whether the same weakness may have been exploited to target other sites that use the same service. After all, saying a compromise was achieved through a hypervisor vulnerability in the Web host of one of the Internet's most important sites isn't necessarily comforting news if the service or hypervisor platform is widely used by others.

OpenSSL site defacement involving hypervisor hack rattles nerves (updated) | Ars Technica

 

[cluberti]

Hoster uses primarily VMware and Xen hosts, VMware says it wasn't them (and they'd likely have been involved in investigating the breach) - so assuming they're not lying, that leaves either Xen or KVM....

 

[cluberti]

Looks like the cries of security at the hypervisor level may not be accurate at all. Now I'm *really* curious as to who screwed up what here:

OpenSSL Says Breach Did Not Involve Corrupted Hypervisor - InformationWeek