OpenSSL site defacement involving hypervisor hack rattles nerves (updated)

Update: About 12 hours after this brief was published, OpenSSL updated the advisory to say: “The OpenSSL server is a virtual server which shares a hypervisor with other customers of the same ISP. Our investigation found that the attack was made through insecure passwords at the hosting provider, leading to control of the hypervisor management console, which then was used to manipulate our virtual server.”

The official website for the widely used OpenSSL code library was compromised four days ago in an incident that is stoking concerns among some security professionals.