
(fwd) BREAK-IN AT THE SRS



>>---------- Forwarded message ----------
>>Date: Tue, 17 Feb 1998 18:36:02 +1100
>>From: Leni Mayo <leni@moniker.net>
>>To: core@core.gtld-mou.org, core-srs@core.gtld-mou.org,
>>    poc-submit@gtld-mou.org
>>Subject: BREAK-IN AT THE SRS
>>
>>At approximately 5pm Sunday San Francisco-time, there was a break-in at
>>Best Internet.  Best Internet is the San Francisco-based ISP with which
>>the SRS is colocated.  Two machines that are part of the SRS have been
>>stolen.
>>
>>The police and FBI have been notified that a felony has occurred.
>>
>>It appears to be a professional burglary - no other cages or hardware
>>appear to have been compromised.
>>
>>The thieves appear to have waited until a shift ended at 3:45 pm and
>>struck a short time afterwards.  The shift-replacement was ill,
>>discovered the break-in remotely shortly after 6pm and arrived at the
>>site at 7pm.
>>
>>The two machines stolen were the front-end machine acting as part of the
>>firewall and the back-end machine containing the database.   A slightly
>>out-of-date copy of the SRS source code was on the back-end machine.
>>Early indications are that very little else from the SRS cage was
>>removed.
>>
>>Copies of the SRS source code have since been distributed to at least
>>two widely separated geographical locations and are maintained securely.
>>
>>The SRS key has been compromised but no CORE keys were compromised.  No
>>passphrases for CORE keys are kept online.
>>
>>Emergent have been working like demons to configure short-term
>>replacement machines to allow registrar testing of SRS-clients to
>>continue.  The replacement machines at the SRS went live a few minutes
>>ago.  Total down-time was 29 hours.
>>
>>The security audit folks we hired post-Washington made a preliminary
>>inspection of the site some nine days ago but had not finished working
>>on a preliminary report.  We expect to work closely with them to
>>consider improvements to the site-security at Best and to evaluate
>>whether an alternate location will be necessary.
>>
>>The hardware was insured and CORE will bear no cost for the replacement
>>hardware.  There was a suggestion that in view of the current
>>uncertainties, CORE might be able to save some money by replacing the
>>stolen hardware with scaled-down versions.  excom considered this and
>>concluded that this had the potential to delay the repurchase, and that
>>such a risk did not outweigh the potential financial benefits.
>>
>>core-excom met in an emergency teleconference at 2230GMT yesterday with
>>Greg Hurst and Tom Gable in attendance.  CORE's official response is to
>>issue a press release but otherwise downplay the incident.  Tom Gable
>>has drafted a press release that contains more details (attached).  This
>>release will go out on the wires tomorrow.
>>
>>Sorry folks, I wish it was a joke -
>>
>>Leni.