It is to some extent, but remember, we now, on selected systems, have a universal interface layer, so we don't know if it was Brute Force SSH, or something else.
Until the hackers say or reveal anything, we don't know, and that could be anything from improperly updated software like Bash, to SSH, to anything.
The best anyone can do is wait and see, and do testing on systems to check for vulnerabilities.
________________________________
From: shraptor <mailto:shraptor@bahnhof.se>
Sent: 7/22/2015 12:51 AM
To: dng@??? <mailto:dng@lists.dyne.org>
Subject: Re: [DNG] Ashley Madison hack
I thought the most common attack on Linux servers
was still SSH bruteforce?
On 2015-07-22 03:16, Robert Storey wrote:
> This might seem an unusual topic, but I think it has relevance to this
> list.
>
> Probably, most of you by now have heard that the adultery web site,
> Ashley Madison (http://www.ashleymadison.com [1]) has been hacked by
> some group that is demanding the site shut down.
>
> I don't really know much about Ashley Madison, and I assure you that I
> am not one of their customers. From what I now gather, it's a
> pay-for-play adultery web site, famous for hitting your web browser
> with annoying popouts.
>
> The relevancy to us here in Devuanland: I did a search on Netcraft,
> and it seems that the site runs on Linux, and uses Nginx as a web
> server. Some of the older servers report Red Hat as their OS, but the
> newer servers just say "Linux." I can't find out anything about which
> distro, and whether or not they are running systemd.
>
> Anyway, security is a big issue for me, as it is for all system
> administrators. So I'm kind of curious as to how the hack happened. A
> Google search didn't turn up any useful info about this.
>
> My understanding is that to hack a web server, you exploit security
> holes in either the OS, or the web server software (Nginx, Apache,
> etc.), or the scripting language (usually PHP). I confess that I'm not
> an expert. My interest in this Ashley Madison hack is that I think
> systemd has all the potential to create vast new security holes that
> would be very difficult to understand. If so, we could be seeing a lot
> more of this.
>
> I can't say much more, because I have no solid info. Just wondering if
> anyone has heard anything reliable about how the exploit was carried
> out. And whether or not systemd could have aided and abetted the
> process.
>
> cheers,
> Robert
>
>
>
> Links:
> ------
> [1] http://www.ashleymadison.com
>
> _______________________________________________
> Dng mailing list
> Dng@???
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng