Server hack prompts call for cPanel customers to take “immediate action”

[Erica Absetz <eabsetz () opensecurityfoundation org>]

http://arstechnica.com/security/2013/02/server-hack-prompts-call-for-cpanel-customers-to-take-immediate-action/

The providers of the cPanel website management application are warning
some users to immediately change their systems' root or administrative
passwords after discovering one of its servers has been hacked.

In an e-mail sent to customers who have filed a cPanel support request
in the past six months, members of the company's security team said
they recently discovered the compromise of a server used to process
support requests.

"While we do not know if your machine is affected, you should change
your root level password if you are not already using SSH keys," they
wrote, according to a copy of the e-mail posted to a community forum.
"If you are using an unprivileged account with 'sudo' or 'su' for root
logins, we recommend you change the account password. Even if you are
using SSH keys we still recommend rotating keys on a regular basis."

The e-mail advised customers to take "immediate action on their own
servers," although team members still don't know the exact nature of
the compromise. Company representatives didn't respond to an e-mail
from Ars asking if they could rule out the possibility that customer
names, e-mail addresses, or other personal data were exposed. It's
also unclear whether the company followed wide-standing
recommendations to cryptographically protect passwords. So-called
one-way hashes convert plain-text passwords into long unique strings
that can only be reversed using time-consuming cracking techniques.
This post will be updated if cPanel representatives respond later.

The cPanel compromise is the latest in a long string of high-profile
hacks to be disclosed over the past few weeks. Other companies that
have warned users they were hacked include The New York Times, The
Wall Street Journal, security firm Bit9 Twitter, Facebook, Apple, and
Microsoft. On Tuesday, a computer firm issued an unusually detailed
report linking China's military to hacks against US companies,
although at least some of the most recent attacks are believed to have
originated in Eastern Europe.

It's unclear how many cPanel users are affected by the most recently
disclosed compromise. The hack has the potential to be serious because
the passwords at risk could give unfettered control to a large number
of customers' Unix-based computers.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.