Hosting firm denies weak passwords led to gigantic hack attack
June 10, 2009
Russ Foster, director of Web hosting provider VA-Serv.com, has fully denied public allegations that weak and insecure password management, combined with loosely configured servers, was responsible for a massive Internet attack that wiped out data for more than 100,000 Web sites in more than 23 countries.
Foster also says that he was shocked when he learned that the CEO of an Indian software company hanged himself late last night, shortly after his software was determined to be the culprit of the security breach of the UK-based Web hosting firm.
As previously reported, the apparent suicide of K.T. Ligesh came around the same time Foster said a serious vulnerability in a virtualization management application made by Ligesh's Lx Labs led to the catastrophic security breach.
Foster was quoted as saying "I wondered if I was responsible in some way. I'm just so, so tired." (!)
The comments came a few hours after an anonymous posting from one of the purported attackers claimed Foster's repeated use of the same four passwords over and over again laid the groundwork for the mass compromise of VA Serv's system.
It went on to even suggest that VAServ's main website ran on what's known as a virtualized private server, a configuration that the writer claimed made the password attack work quickly.
"Z3r0 day in hypervm?" the anonymous poster wrote, substituting numbers for letters as is common in hacker parlance. "Plz u give us too much credit."
Foster said he has discounted the posting because it contained fabricated details, including passwords and IP address information, along with a description of part of his network topology.
The post was general enough that it could have been written by anyone. It was originally added to a thread discussing the Vaserv incident on a website that caters to webhosts. It was quickly removed and later reposted on other similar forums such as the Web Hosting Tech Support Forum. That forum also rapidly removed the post.
"I don't have any of those passwords," he said of the secret phrases that were included in the post. "I don't recognize them either."
About 2 days after the data was suddenly deleted from more than 200 servers operated by VAServ, a few company technicians have managed to retrieve some of the lost information and restore the hosting service for some, but not all, of the 100,000 to 150,000 Web sites it hosted.
Foster also warned on June 8 that data for some customers who signed up for unmanaged accounts was likely gone forever!
The security breach has proved trying for Foster, who announced in a posting that Vaserv was being taken over by a larger hosting provider known as BlueSquare.
Foster even added "I've personally reached the end of my physical and emotional tether."
He went on to say that he decided to "do what is best for the customer base as it stands and get some 'big boys' in behind to help get things back up and running and give people a chance."
Needless to say, Foster's blatant lack of security implementation at his company has surprised more than one in the hosting industry.