June 6, 2001

A matter of trust: How Apache.org was compromised

Author: JT Smith

SecurityPortal.com has a story about Apache.org's recent security difficulties and says it's a matter being able to trust the people you work with. "An example of this would be developers logging into the primary Apache.org development
machine from remote locations. The SSH protocol is used to secure these connections with
strong encryption, which provides a tunnel between the two communicating machines.
Furthermore, it is assumed that the end developer's machine is secure, and that there are no
keystroke loggers running, or items like KeyGhost hooked up to the machine. Herein lies a
problem. More and more people are using machines that are not always secure or should not be
considered 'trusted.' "


  • Linux
Click Here!