[Noisebridge-discuss] Security on the network at 83c.
Rubin Abdi
rubin at starset.net
Thu Jul 30 07:29:58 UTC 2009

Hello members and guests.

I am an admin of Pony and a small number of other machines at 83c. I am
not an expert at internet security. I am also not overly paranoid about
getting my machine owned.

Recently a member of our admins had a machine of his rooted. This
machine isn't one of Noisebridge's but did possibly have credentials to
access machines within 83c and could most certainly have had the ability
to maliciously monitor any connections to any machines at 83c. Not going
to bother stating who this person is, leaving it up to them.

In short, there is a possibility that a 3rd party could have full root
access to many of the hosted machines at 83c, *but* there is no evidence
that such a thing has happened yet. This 3rd party could potentially
monitor any traffic going through the space, and/or gain access to any
user credentials left on a machine there, namely Pony. Also they could
use any hosted machines at 83c to launch malicious attacks on any other
machines connected to the local network. Again, no evidence of such
attacks has been found yet.

After this possible potential point of entry for bad things was found, a
pair of the admins opted to take Pony offline yesterday. As of right now
Pony is back online. In the mass confusion and prioritization in finger
pointing, I don't actually know if anyone's done anything to Pony to
verify its integrity.

Before panic hits I would like to remind everyone that the network at
Noisebridge is very much open. Anyone within access to our wifi could
simply monitor all traffic on the network, such as any unsecure web or
email traffic (which is most of the traffic). Or simply spoof traffic.

Pony too is very much an open ended machine and we've told members to
keep in mind that it's a Linux box in a hack space, please don't store
important stuff on there.

Once again, if you're at 83c the internet is free to use, but there's no
guarantee of security. The person sitting across from you, or the bum in
the alleyway could be totally attempting to sniff your web traffic or
maliciously try to gain access to your personal machine. This is the
same sort of security (or lack thereof) you'll find connecting to any
other open wifi network, and has always been the case at 83c, before and
after news of this attack.

If you have authentication credentials on Pony, I would highly recommend
rotating them out (such as resetting passwords or rekeying private keys
left on Pony) and not use it to host stuff like that.

As a *not* security expert I don't see Noisebridge as any more of a
hostile network than a net cafe, before and after all this news. I am
fairly sure some of our other members will beg to differ, and I think
they should.

Thanks for reading.

--
Rubin Abdi
rubin at starset.net