Changes between Version 1 and Version 2 of lowdown-drafts-053008
Timestamp: May 31, 2008, 10:00:20 PM
lowdown-drafts-053008
v1 v2 7 7 We have ways of fending off those attacks so this wasn't going to succeed but the amount of attempts every second zapped the server's resources and we were experiencing what is called a DOS or "denial of service" attack. That means the person is using all the resources and nobody else can log in or do much with the sites on the server. 8 8 9 Jamie and Daniel Kahn Gil mor conferred and decided to reconfigure the servers to detect apparent dictionary attacks and block their IP for a period of time as soon as they start. This pre-emptive step closed those attacks down and saved the performance on all servers. Impact was hardly felt! :-)9 Jamie and Daniel Kahn Gillmor conferred and decided to reconfigure the servers to detect apparent dictionary attacks and block their IP for a period of time as soon as they start. This pre-emptive step closed those attacks down and saved the performance on all servers. Impact was hardly felt! :-) 10 10 11 11 But they led to another discovery. … … 13 13 While we were researching what to do, the Debian developers sent out an advisory about a horrible exploit. A couple of definitions are in order. 14 14 15 GNU/Debian is a free operating system that uses linux; it's the operating 16 system we use on our servers. 15 Debian is a free operating system that uses the GNU tools and the Linux kernel; it's the operating system we use on our servers. 17 16 18 17 An exploit is a piece of code that can be used by a clever attacker to get 19 18 access to a server and do damage, steal data or illicitly use resources. 20 19 21 One other definition: a Secure Sockets Layer key. An SSLkey is a long string20 One other definition: an RSA key. An RSA key is a long string 22 21 of characters that is unique to every server that provides the basis for the 23 22 server to establish a secure, encrypted connection with computers that connect 24 23 to it. 
25 24 26 These software packages are developed by large numbers of people all over the world who merely contribute to them; that's what Free and Open Source Software is. They work through collaborative work systems and they communicate on-line. Most have never met.25 These software packages are developed by large numbers of people all over the world who merely contribute to them; that's what Free and Open Source Software is. Free software developers work through collaborative work systems and they communicate on-line. Most have never met each other in person. 27 26 28 27 In this case, one person filed a report and the community's leaders checked 29 and approved it. It seems that, with the Debian installedthroughout the28 and approved it. It seems that, with the most widely-distributed version of Debian installed throughout the 30 29 world, you can guess certain parts of the key that are supposed to be 31 generated ra domly. These means that, eventually, you may be able to guess the30 generated randomly. These means that, eventually, you may be able to guess the 32 31 key itself. 33 32 … … 39 38 the members. 40 39 41 We put together an approach to making the necessary changes on all three platforms: Mac, Window and Linux. And then we didhow-tos on all three, published those and sent out advisories explaining the situation. We did all that in about a day! I've never seen anything like this in all my years on the Internet.40 We put together an approach to making the necessary changes on all three major platforms: Mac, Windows and GNU/Linux. And then we wrote how-tos on all three, published those and sent out advisories explaining the situation. We did all that in about a day! I've never seen anything like this in all my years on the Internet. 42 41 43 42 https://support.mayfirst.org/wiki/ssl_host_key_changed … … 57 56 So we rerouted email to another empty server ready to handle the load. 
The campaign's email service continued to be affected during the four day attack but all other members' functionality was returned to normal. After four days of failure, this hacker stopped the attack and the domain was routed by to its normal server. 58 57 59 This kind of crea ctive thinking and flexibility under fire is reminiscent of what orupeople did in saving the on-line registration at the U.S. Social Forum.58 This kind of creative thinking and flexibility under fire is reminiscent of what our people did in saving the on-line registration at the U.S. Social Forum. 60 59 61 60 These two weeks were hardly routine but they were perhaps a hint of the kinds of challenges we are going to be facing in the future. Every challenge is a challenge, of course but, based on these two weeks, I think we're ready.
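Review bot: in the first hunk (v1/v2 line 9), the correction of "Gil mor" to "Gillmor" is right, but "block their IP for a period of time" leaves "their" unclear in a paragraph that has just mentioned both the attacker and the members; suggest "block the attacking IP address for a period of time". Unchanged line 7 also writes the abbreviation as "DOS"; the conventional form for "denial of service" is "DoS".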
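Review bot: in the definitions hunk (lines 15 and 20-23), v2 replaces "Secure Sockets Layer key" with "RSA key" but nothing now ties that term to the how-to linked later as "ssl_host_key_changed", so a reader may not see that the two refer to the same key; suggest keeping a short link, e.g. "an RSA key (the key behind a server's SSL connections)". The sentence "a long string of characters that is unique to every server that provides the basis for the server to establish" also stacks two relative clauses so that "that provides" appears to modify "server"; suggest "a long string of characters, unique to each server, that is the basis for the server to establish a secure, encrypted connection".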
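Review bot: in the weak-key hunk, "These means that, eventually, you may be able to guess the key itself" survives unchanged in v2 line 30; it should read "This means that". In line 25, "people all over the world who merely contribute to them" reads as belittling the contributors; "who simply contribute to them" or "who contribute to them voluntarily" is closer to the intended point about Free and Open Source Software.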
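Review bot: in the final hunk (lines 56-57), "the domain was routed by to its normal server" is unchanged in both versions and should be "routed back to its normal server"; "four day attack" should be hyphenated as "four-day attack". Since the paragraph says only the campaign's email stayed affected, it would also help to state in the same sentence that the rerouting restored service for all other members, which is currently split across two sentences.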