Forgot your password?
typodupeerror
Security

+ - Dreamhost tells customers to expose themselved to MitM attack->

Submitted by rstory
rstory (155367) writes "It appears that there was some sort of security breach at Dreamhost, and on Friday they decided to generate new SSH host keys for all their servers. This was done without any notification to their customers. The only mention is on their status blog page, which I'd venture to guess that most customers don't even know about, and there they tell all their customers to delete their old keys and accept the new ones. They seem to lack a basic understanding of public key cryptography: public keys are meant to be PUBLIC. Can anyone think of a good reason why a) they wouldn't send out an email in advance (or immediately afterwards) to notify their customers, and b) they wouldn't post a page of all the new keys for customers to be able to verify? This seems to be highly irresponsible."
Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Dreamhost tells customers to expose themselved to MitM attack

Comments Filter:

Hacking's just another word for nothing left to kludge.

Working...