Re: FYI (I wonder where the security is now?)



Jim and all,

  FYI!  For you all that is.  I modified the subject line.  I thought it
might be fitting considering the message.  (See below)

Jim Fleming wrote:

> >---------- Forwarded message ----------
> >Date: Tue, 17 Feb 1998 18:36:02 +1100
> >From: Leni Mayo <leni@moniker.net>
> >To: core@core.gtld-mou.org, core-srs@core.gtld-mou.org,
> >    poc-submit@gtld-mou.org
> >Subject: BREAK-IN AT THE SRS
> >
> >At approximately 5pm Sunday San Francisco-time, there was a break-in at
> >Best Internet.  Best Internet is the San Francisco-based ISP with which
> >the SRS is colocated.  Two machines that are part of the SRS have been
> >stolen.
> >
> >The police and FBI have been notified that a felony has occurred.
> >
> >It appears to be a professional burglary - no other cages or hardware
> >appear to have been compromised.
> >
> >The thieves appear to have waited until a shift ended at 3:45 pm and
> >struck a short time afterwards.  The shift-replacement was ill,
> >discovered the break-in remotely shortly after 6pm and arrived at the
> >site at 7pm.
> >
> >The two machines stolen were the front-end machine acting as part of the
> >firewall and the back-end machine containing the database.   A slightly
> >out-of-date copy of the SRS source code was on the back-end machine.
> >Early indications are that very little else from the SRS cage was
> >removed.
> >
> >Copies of the SRS source code have since been distributed to at least
> >two widely separated geographical locations and are maintained securely.
> >
> >The SRS key has been compromised but no CORE keys were compromised.  No
> >passphrases for CORE keys are kept online.
> >
> >Emergent have been working like demons to configure short-term
> >replacement machines to allow registrar testing of SRS-clients to
> >continue.  The replacement machines at the SRS went live a few minutes
> >ago.  Total down-time was 29 hours.
> >
> >The security audit folks we hired post-Washington made a preliminary
> >inspection of the site some nine days ago but had not finished working
> >on a preliminary report.  We expect to work closely with them to
> >consider improvements to the site-security at Best and to evaluate
> >whether an alternate location will be necessary.
> >
> >The hardware was insured and CORE will bear no cost for the replacement
> >hardware.  There was a suggestion that in view of the current
> >uncertainties, CORE might be able to save some money by replacing the
> >stolen hardware with scaled-down versions.  excom considered this and
> >concluded that this had the potential to delay the repurchase, and that
> >such a risk did not outweigh the potential financial benefits.
> >
> >core-excom met in an emergency teleconference at 2230GMT yesterday with
> >Greg Hurst and Tom Gable in attendance.  CORE's official response is to
> >issue a press release but otherwise downplay the incident.  Tom Gable
> >has drafted a press release that contains more details (attached).  This
> >release will go out on the wires tomorrow.
> >
> >Sorry folks, I wish it was a joke -
> >
> >Leni.
> >
> >
> >
>
> Jim Fleming
> Unir Corporation
> IBC, Tortola, BVI



--
Jeffrey A. Williams
DIR. Internet Network Eng/SR. Java/CORBA Development Eng.
Information Network Eng. Group. INEG. INC.
E-Mail jwkckid1@ix.netcom.com