Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

To make it easier for everyone reading the HN Post Title, they're talking about "Their Server(s) at OVH" being compromised, with no evidence of "OVH" itself (along with all customer servers) being compromised.

Now you may go ahead and read the post.



The author suggest the manager interface may have been used to get access to the servers. He saw a password reset mail he didn't asked for. So he suspect that there is a security weakness in the manager. Lets wait OVH manager explanation before calling back into question OVH's security.


Most strange thing is that he says the email was untouched so he concluded that the attacker somehow must've bypassed the email - if such a thing is possible..


On OVH's manager you can add secondary email addresses to a single account. I for example have three emails linked to my account. Upon logging in all those email addresses will get an email notifying me, AND upon doing a password reset all three email accounts will get the password reset link.

At the first compromise which may have been external to OVH's systems the attacker may have added their email address to the list of valid emails, and may have received the password reset email at the other email address. This could explain why the second reset password email was unread...


The attacker could have intercepted the email somewhere between OVH and the recipient unless the SMTP session was using SSL (which, unfortunately, isn't always the case).

Obviously this is highly speculative.


There are multiple managers in use at the moment, I've used v3 and v5 within the past 6 months. It's a shame they didn't mention the version they're using.


AFAIK v3 and v5 serve different product line so if they were mining bitcoins it was certainly on a dedicated server, so v3 it is ! And I don't think the manager was broken, my bet is the client got his email hacked or his machine keylogged. As OVH is the biggest European hoster if the manager was hacked there would be way more evidences than a few BC theft.


The linked post doesn't make it very clear, but the evidence that OVH itself was compromised is that two otherwise unrelated bitcoin services running on OVH (slush's pool and bitcoin-central) were compromised at around the same time.


I think the method of compromise doesn't depend on this specific customer; it could happen to any customer of OVH.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: