Opscode, the commercial side of the open source Chef configuration management tool beloved by Google, Facebook, and IBM, has warned customers that a flaw in an unnamed third-party application has left its wiki and ticketing system pwned. "The attacker gained escalated privileges and downloaded the user database for the wiki …

COMMENTS

House rules Send corrections

This topic is closed for new posts.

Thursday 1st August 2013 23:38 GMT Anonymous Coward

Cookery?

'Chef configuration management tool beloved by Google'

I know, I'm being pedantic.....

0 0
Friday 2nd August 2013 02:04 GMT Anonymous Coward

Breaches/attacks like this can happen to any company. Their response time and reaction to this was exemplary. You really have to give them that.

3 0
1. Friday 2nd August 2013 04:46 GMT Wzrd1
  
  True, but I'm also dubious on that number.
  
  Suddenly, masses of layers evaporated.
  
  *So* not happening!
  
  Now, real world version:
  
  "We noted the attack and blocked it. It ended five minutes after our efforts.
  
  The attack could still be continuing, it could be alive and well in the city of mention in the CDC report.
  
  1 0
Friday 2nd August 2013 02:36 GMT silent_count

Was the user database encrpted? And if not, why wasnt it?

1 1
Friday 2nd August 2013 05:25 GMT lamont

If you note the announcement mentions that the user passwords in the database were cryptographically hashed (and via a strong hashing algorithm).

The contents of the database was the public wiki and ticket system which is already indexed by google.

1 0
Friday 2nd August 2013 07:24 GMT John Smith 19

Better handled than how RSA did it?

Yes

3 0
Friday 2nd August 2013 10:17 GMT Phil Bennett

Missed opportunity

"Chef doesn't use salt" surely?

1 0