On December 29, 2013 the website OpenSSL.org was hacked, and their homepage was defaced. This breach of security led many to wonder whether the service responsible for securing many other business’s information had a security risk of their own. A lot of investigation has taken place since the attack was corrected to determine the cause of the incident and now VMWare is saying that their hypervisor was in no way responsible for the hacking breach.
OpenSSL Says Dec 29 Hack Was Not Due To Faulty HypervisorFingers are now pointed at OpenSSL’s hosting provider, of whom they are accusing of having a faulty security measure in their own password protection program. This security breach in the hosts password system allowed the claimed attackers, TurkGuvenligiTurkSec, to gain access to the website portion of OpenSSL. As part of the hack, the group placed a message on the homepage to scare customers of the companies services.
In short, we are all led to believe that this was a breach of security of the webpage only, and not of any of OpenSSL’s services. They continue to stand by the services that they offer for encryption on sites and applications.
Other groups are still supporting their own theories about how a security breach could have been possible by attacking the company’s hypervisor that was in place to secure it in the first place. While those theorists try their best to model a possible hack that would be likened to crawling through the ventilation system at the Pentagon to steal documents Mission Impossible Style, it seems more likely that it was a much simpler explanation all together. This would be more likened to someone stealing a janitors work badge, and then swiping their way in through the service door on the side of the building.
OpenSSL Says Dec 29 Hack Was Not Due To Faulty Hypervisor.