:: Re: [DNG] Ashley Madison hack
Author: James Powell
Date:  
To: Robert Storey, dng
Subject: Re: [DNG] Ashley Madison hack
More than likely, I'm assuming Red Hat, but that's with great care.

Well, honestly, we don't know, and if it's any consolation, I wish the hackers would openly share how they broke in.

We will probably never know if it was anything related to systemd, but with so much still unknown about it due to lack of documentation intentionally, I could only place a 50-50 chance it was anything relative to systemd.
________________________________
From: Robert Storey<mailto:robert.storey@gmail.com>
Sent: 7/21/2015 6:16 PM
To: dng@???<mailto:dng@lists.dyne.org>
Subject: [DNG] Ashley Madison hack

This might seem an unusual topic, but I think it has relevance to this list.

Probably, most of you by now have heard that the adultery web site, Ashley
Madison (http://www.ashleymadison.com) has been hacked by some group that
is demanding the site shut down.

I don't really know much about Ashley Madison, and I assure you that I am
not one of their customers. From what I now gather, it's a pay-for-play
adultery web site, famous for hitting your web browser with annoying
popouts.

The relevancy to us here in Devuanland: I did a search on Netcraft, and it
seems that the site runs on Linux, and uses Nginx as a web server. Some of
the older servers report Red Hat as their OS, but the newer servers just
say "Linux." I can't find out anything about which distro, and whether or
not they are running systemd.

Anyway, security is a big issue for me, as it is for all system
administrators. So I'm kind of curious as to how the hack happened. A
Google search didn't turn up any useful info about this.

My understanding is that to hack a web server, you exploit security holes
in either the OS, or the web server software (Nginx, Apache, etc), or the
scripting language (usually PHP). I confess that I'm not an expert. My
interest in this Ashley Madison hack is that I think systemd has all the
potential to create vast new security holes that would be very difficult to
understand. If so, we could be seeing a lot more of this.

I can't say much more, because I have no solid info. Just wondering if
anyone has heard anything reliable about how the exploit was carried out.
And whether or not systemd could have aided and abetted the process.

cheers,
Robert
_______________________________________________
Dng mailing list
Dng@???
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng