[Noisebridge-discuss] Security on the network at 83c.

Rubin Abdi rubin at starset.net
Thu Jul 30 07:29:58 UTC 2009


Hello members and guests.

I am an admin of Pony and a small number of other machines at 83c. I am 
not an expert at internet security. I am also not overly paranoid at 
getting my machine owned.

Recently a member of our admins had a machine of his rooted; this 
machine isn't one of Noisebridge's but did possibly have credentials to 
access machines within 83c and could most certainly have had the ability 
to maliciously monitor any connections to any machines at 83c. Not going 
to bother stating who this person is, leaving it up to them.

In short, there is a possibility that a 3rd party could have full root 
access to many of the hosted machines at 83c, *but* there is no evidence 
that such a thing has happened yet. This 3rd party could potentially 
monitor any traffic going through the space, and/or gain access to any 
user credentials left on a machine there, namely Pony. Also they could 
use any hosted machines at 83c to launch malicious attacks on any other 
machines connected to the local network. Again, no evidence of such 
attacks has been found yet.

After this possible potential point of entry for bad things was found, a 
pair of the admins opted to take Pony offline yesterday. As of right now 
Pony is back online. In the mass confusion and prioritization in finger 
pointing, I don't actually know if anyone's done anything to Pony to 
verify its integrity.

Before panic hits I would like to remind everyone that the network at 
Noisebridge is very much open. Anyone within access to our wifi could 
simply monitor all traffic on the network, such as any unsecure web or 
email traffic (which is most of the traffic). Or simply spoof traffic. 
Pony too is very much an open ended machine and we've told members to 
keep in mind that it's a Linux box in a hack space, please don't store 
important stuff on there.

Once again, if you're at 83c the internet is free to use, but there's no 
guarantee of security. The person sitting across from you, or the bum in 
the alleyway could be totally attempting to sniff your web traffic or 
maliciously try to gain access to your personal machine. This is the 
same sort of security (or lack thereof) you'll find connecting to any 
other open wifi network, and has always been the case at 83c, before and 
after news of this attack.

If you have authentication credentials on Pony, I would highly recommend 
rotating them out (such as resetting passwords or rekeying private keys 
left on Pony) and not use it to host stuff like that.

As a *not* security expert I don't see Noisebridge as any more of a 
hostile network than a net cafe, before and after all this news. I am 
fairly sure some of our other members will beg to differ, and I think 
they should.

Thanks for reading.

-- 
Rubin Abdi
rubin at starset.net
