The main site of the Apache Software Foundation was compromised on Friday through an attack using a compromised SSH key. The main Web server for the site had been compromised and the foundation had taken many of its services offline as a precaution. The attack is reminiscent of the incident last year in which experts warned that SSH keys generated on certain versions of the. versions of. certain versions. of. Ubuntu were considered compromised because of a highly predictable random number generator. That problem led to widespread concern about the integrity of those keys. No end users were affected by this incident, and the attackers were not able to escalate their privileges on any machines.
Source: https://threatpost.com/apache-site-hacked-through-ssh-key-compromise-082809/72933/