Server hack prompts call for cPanel customers to take "immediate action"

[InfoSec News <alerts () infosecnews org>]

http://arstechnica.com/security/2013/02/server-hack-prompts-call-for-cpanel-customers-to-take-immediate-action/

By Dan Goodin
Ars Technica
Feb 22 2013

The providers of the cPanel website management application are warning some 
users to immediately change their systems' root or administrative passwords 
after discovering one of its servers has been hacked.

In an e-mail sent to customers who have filed a cPanel support request in the 
past six months, members of the company's security team said they recently 
discovered the compromise of a server used to process support requests.

"While we do not know if your machine is affected, you should change your root 
level password if you are not already using SSH keys," they wrote, according to 
a copy of the e-mail posted to a community forum. "If you are using an 
unprivileged account with 'sudo' or 'su' for root logins, we recommend you 
change the account password. Even if you are using SSH keys we still recommend 
rotating keys on a regular basis."

The e-mail advised customers to take "immediate action on their own servers," 
although team members still don't know the exact nature of the compromise. 
Company representatives didn't respond to an e-mail from Ars asking if they 
could rule out the possibility that customer names, e-mail addresses, or other 
personal data were exposed. It's also unclear whether the company followed 
wide-standing recommendations to cryptographically protect passwords. So-called 
one-way hashes convert plain-text passwords into long unique strings that can 
only be reversed using time-consuming cracking techniques. This post will be 
updated if cPanel representatives respond later.

[...]


______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org