Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Note: You can take 10% off all Slashdot Deals with coupon code "slashdot10off." ×
Security

Submission + - Dreamhost tells customers to expose themselved to MitM attack->

rstory writes: It appears that there was some sort of security breach at Dreamhost, and on Friday they decided to generate new SSH host keys for all their servers. This was done without any notification to their customers. The only mention is on their status blog page, which I'd venture to guess that most customers don't even know about, and there they tell all their customers to delete their old keys and accept the new ones. They seem to lack a basic understanding of public key cryptography: public keys are meant to be PUBLIC. Can anyone think of a good reason why a) they wouldn't send out an email in advance (or immediately afterwards) to notify their customers, and b) they wouldn't post a page of all the new keys for customers to be able to verify? This seems to be highly irresponsible.
Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Dreamhost tells customers to expose themselved to MitM attack

Comments Filter:

All great discoveries are made by mistake. -- Young

Working...