Security The Internet

Dreamhost FTP/Shell Password Database Breached

New submitter Ccmods writes "Below is a snippet from an email Dreamhost sent to subscribers early Saturday morning, describing an intrusion into the database storing FTP and SSH usernames and passwords: 'We are writing to let you know that there may have been illegal and unauthorized access to some of your passwords at DreamHost today. Our security systems detected the potential breach this morning and we immediately took the defensive precaution of expiring and resetting all FTP/shell access passwords for all DreamHost customers and their users. ... Only the FTP/shell access passwords appear to have been compromised by the illegal access. Web panel passwords, email passwords and billing information for DreamHost customers were not affected or accessed.'"
  • FTP? (Score:5, Insightful)

    by MichaelSmith ( 789609 ) on Saturday January 21, 2012 @06:06PM (#38776741) Homepage Journal

    If the passwords are used for FTP they should be considered compromised anyway.

  • Re:Not a big deal (Score:3, Insightful)

    by ZackZero ( 1271592 ) on Saturday January 21, 2012 @06:10PM (#38776761) Journal
    After spending time reading the misplaced anger and blatant misunderstanding of the method of password storage over on DreamHostStatus, it's good to see some rationality being injected somewhere.
  • Re:Not a big deal (Score:5, Insightful)

    by sortius_nod ( 1080919 ) on Saturday January 21, 2012 @06:37PM (#38776925) Homepage

    I actually think it's a big deal, but not for the reason most people are crying about.

    It's a big deal that they have been open, honest, & cautious about the intrusion. Having seen so many high profile companies take the opposite stance lately, the DH intrusion should be made a big deal of, if anything, to show other companies how you react to being hacked without losing face with customers.

    For me, there is only one chance when it comes to security to get it right. If you try to hide intrusions, lie to customers, or stonewall tech sites trying to get more information, you aren't a company to be trusted with my data.

  • by sakdoctor ( 1087155 ) on Saturday January 21, 2012 @06:45PM (#38776995) Homepage

    I'll see your SFTP and raise you disabling password authentication entirely, and using SSH public key authentication only.

    If your SSH server is visible over the Internet, you should use public key authentication instead of passwords if at all possible. If you don't think it's important, try logging all of the malicious login attempts you get for the next week.

    -- https://help.ubuntu.com/community/SSH/OpenSSH/Keys [ubuntu.com]
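
The comment above recommends turning off password authentication and allowing SSH public keys only. As an added example (not part of the original post or of OpenSSH), this sketch checks `sshd_config` text for settings that still leave password-style logins possible, following sshd's rule that the first value given for a keyword wins. It assumes upstream OpenSSH defaults, ignores `Include` files, and uses constructed sample configurations; the function names are hypothetical.

```python
# Added example: audit sshd_config text for "public key only" logins.
DEFAULTS = {"passwordauthentication": "yes",          # upstream OpenSSH defaults
            "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def parse(text):
    """Return (global settings, [(match criteria, overrides)]); first value wins."""
    glob, matches, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)  # "Key value" or "Key=value"
        if len(parts) != 2:
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":                 # following lines apply to this block only
            current = (parts[1], {})
            matches.append(current)
        else:
            target = glob if current is None else current[1]
            target.setdefault(key, parts[1].strip('"').lower())
    return glob, matches

def audit(text):
    """List the reasons password-style logins are still possible."""
    glob, matches = parse(text)
    eff = {k: glob.get(k, default) for k, default in DEFAULTS.items()}
    findings = []
    if eff["passwordauthentication"] != "no":
        findings.append("global: PasswordAuthentication is not 'no'")
    if eff["kbdinteractiveauthentication"] != "no":
        findings.append("global: keyboard-interactive is enabled (PAM can prompt for a password)")
    if eff["pubkeyauthentication"] != "yes":
        findings.append("global: PubkeyAuthentication is disabled")
    for criteria, over in matches:
        for key in ("passwordauthentication", "kbdinteractiveauthentication"):
            if over.get(key, "no") != "no":
                findings.append(f"Match {criteria}: re-enables {key}")
    return findings

# Constructed samples, not taken from any real host.
WEAK = "PasswordAuthentication yes\nPubkeyAuthentication yes\nPasswordAuthentication no\nMatch User deploy\n    PasswordAuthentication yes\n"
HARDENED = "PasswordAuthentication no\nKbdInteractiveAuthentication no\nPubkeyAuthentication yes\n"

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(cfg) or "password logins disabled")
```

On a live host, `sshd -T` prints the effective configuration, which also resolves `Include` files that this sketch skips.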

  • Re:Not a big deal (Score:3, Insightful)

    by etresoft ( 698962 ) on Saturday January 21, 2012 @09:43PM (#38777913)
    Like many Dreamhost customers, I have used many other hosts over the years. None has even come close to Dreamhost. Many companies try to project an aura of professionalism but are really mickey mouse operations on the inside. Dreamhost is the opposite. I think they make a point to act like clowns only to scare off the clueless, high-maintenance market.
