Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Security

Submission + - Dreamhost tells customers to expose themselved to MitM attack->

rstory writes: It appears that there was some sort of security breach at Dreamhost, and on Friday they decided to generate new SSH host keys for all their servers. This was done without any notification to their customers. The only mention is on their status blog page, which I'd venture to guess that most customers don't even know about, and there they tell all their customers to delete their old keys and accept the new ones. They seem to lack a basic understanding of public key cryptography: public keys are meant to be PUBLIC. Can anyone think of a good reason why a) they wouldn't send out an email in advance (or immediately afterwards) to notify their customers, and b) they wouldn't post a page of all the new keys for customers to be able to verify? This seems to be highly irresponsible.
Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Dreamhost tells customers to expose themselved to MitM attack

Comments Filter:

"I'm not afraid of dying, I just don't want to be there when it happens." -- Woody Allen

Working...