[Noisebridge-discuss] Security on the network at 83c.

Thu Jul 30 15:42:33 UTC 2009

I'd like to publicly thank Rubin, Andy, and all the other unsung
admins who keep things running at NB. This is a thankless task and the
only time people notice you is when things go wrong.
I am always pleased that whenever I visit the space the net is up and
super fast, so yay for you folks!

I for one am not upset about pwnage, indeed surprised it doesn't
happen more often,  as anything labeled a "hacker" space is no doubt
seen as a target by kiddies and trolls.

Thanks for full disclosure, and whatever you folks are doing, rock on,
it's excellent. And before anyone else gets their knickers in a twist,
consider helping secure the network rather than flaming about it.

On Thu, Jul 30, 2009 at 12:29 AM, Rubin Abdi<rubin at starset.net> wrote:
> Hello members and guests.
>
> I am an admin of Pony and a small number of other machines at 83c. I am
> not an expert at internet security. I am also not overly paranoid at
> getting my machine owned.
>
> Recently a member of our admins had a machine of his rooted, this
> machine isn't one of Noisebridge's but did possibly have credentials to
> access machines within 83c and could most certainly have had the ability
> to maliciously monitor any connections to any machines at 83c. Not going
> to bother stating who this person is, leaving it up to them.
>
> In short, there is a possibility that a 3rd party could have full root
> access to many of the hosted machines at 83c, *but* there is no evidence
> that such a thing has happened yet. This 3rd party could potentially
> monitor any traffic going through the space, and/or gain access to any
> user credentials left on a machine there, namely Pony. Also they could
> use any hosted machines at 83c to launch malicious attacks on any other
> machines connected to the local network. Again, no evidence of such
> attacks have been found yet.
>
> After this possible potential point of entry for bad things was found, a
> pair of the admins opted to take Pony offline yesterday. As of right now
> Pony is back online. In the mass confusion and prioritization in finger
> pointing, I don't actually know if anyone's done anything to Pony to
> verify it's integrity.
>
> Before panic hits I would like to remind everyone that the network at
> Noisebridge is very much open. Anyone within access to our wifi could
> simply monitor all traffic on the network, such as any unsecure web or
> email traffic (which is most of the traffic). Or simply spoof traffic.
> Pony too is very much an open ended machine and we've told members to
> keep in mind that it's a linux box in a hack space, please don't store
> important stuff on there.
>
> Once again, if you're at 83c the internet is free to use, but there's no
> guaranty of security. The person sitting across from you, or the bum in
> the ally way could be totally attempting to sniff your web traffic or
> maliciously try to gain access to your personal machine. This is the
> same sort of security (or lack there of) you'll find connecting to any
> other open wifi network, and has always been the case at 83c, before and
> after news of this attack.
>
> If you have authentication credentials on Pony, I would highly recommend
> rotating them out (such as resetting passwords or rekeying private keys
> left on Pony) and not use it to host stuff like that.
>
> As a *not* security expert I don't see Noisebridge as anymore of a
> hostile network as a net cafe, before and after all this news. I am
> fairly sure some of our other members will beg to differ, and I think
> they should.
>
> Thanks for reading.
>
> --
> Rubin Abdi
> rubin at starset.net
> _______________________________________________
> Noisebridge-discuss mailing list
> Noisebridge-discuss at lists.noisebridge.net
> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>