:: [DNG] Ashley Madison hack
Forside
Slet denne besked
Besvar denne besked
Skribent: Robert Storey
Dato:  
Til: dng
Emne: [DNG] Ashley Madison hack
This might seem an unusual topic, but I think it has relevance to this list.

Probably, most of you by now have heard that the adultery web site, Ashley
Madison (http://www.ashleymadison.com) has been hacked by some group that
is demanding the site shut down.

I don't really know much about Ashley Madison, and I assure you that I am
not one of their customers. From what I now gather, it's a pay-for-play
adultery web site, famous for hitting your web browser with annoying
popouts.

The relevancy to us here in Devuanland: I did a search on Netcraft, and it
seems that the site runs on Linux, and uses Nginx as a web server. Some of
the older servers report Red Hat as their OS, but the newer servers just
say "Linux." I can't find out anything about which distro, and whether or
not they are running systemd.

Anyway, security is a big issue for me, as it is for all system
administrators. So I'm kind of curious as to how the hack happened. A
google search didn't turn up any useful info about this.

My understanding is that to hack a web server, you exploit security holes
in either the OS, or the web server software (Nginx, Apache, etc), or the
scripting language (usually php). I confess that I'm not an expert. My
interest in this Ashley Madison hack is that I think systemd has all the
potential to create vast new security holes that would be very difficult to
understand. If so, we could be seeing a lot more of this.

I can't say much more, because I have no solid info. Just wondering if
anyone has heard anything reliable about how the exploit was carried out.
And whether or not systemd could have aided and abetted the process.

cheers,
Robert