the attacker is opening github issues 😂

> I noticed in your blog post that you were talking about doing a postmortem and steps you need to take. As someone who is intimately familiar with your entire infrastructure, I thought I could help you out.
[then about ssh agent forwarding, and principle of least privilege]


matrix thing 

so apparently the attacker:
- broke into jenkins
- noticed flywheel (OS X build server) having ssh access from outside through a forwarded port
- used those two to take flywheel
- waited for someone to connect to flywheel and forward their agent
- used the agent to get access to every server and add their key to an authorized_keys2 so it wouldn't get overwritten

last issue atm: "Monitor log files to avoid relying on external whitehats"

👏 😍
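
A defensive check for the last step in the post above (a key placed in authorized_keys2 so that rewriting authorized_keys leaves it alone), as an added example that is not part of the original thread. It assumes the usual `~/.ssh/` layout and an sshd that still reads `.ssh/authorized_keys2` (OpenSSH's default `AuthorizedKeysFile` lists both files); the function names and sample keys are constructed for illustration.

```python
import tempfile
from pathlib import Path

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")  # prefixes of public key type names

def key_blobs(path):
    """Return {base64 key blob: line number} for an authorized_keys-style file."""
    blobs = {}
    if not path.is_file():
        return blobs
    for n, line in enumerate(path.read_text(errors="replace").splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Options may precede the key type, so locate the type field first.
        # A quoted option containing a word like "ssh-add" can over-report,
        # which is the safe direction for an audit.
        for i, field in enumerate(fields[:-1]):
            if field.startswith(KEY_TYPES):
                blobs[fields[i + 1]] = n
                break
    return blobs

def audit_home(home):
    """List keys that are accepted only through .ssh/authorized_keys2."""
    ssh = Path(home) / ".ssh"
    managed = key_blobs(ssh / "authorized_keys")
    extra = key_blobs(ssh / "authorized_keys2")
    return [(str(ssh / "authorized_keys2"), n, blob)
            for blob, n in sorted(extra.items(), key=lambda kv: kv[1])
            if blob not in managed]

def demo():
    """Constructed sample: one managed key, one key only in authorized_keys2."""
    with tempfile.TemporaryDirectory() as root:
        ssh = Path(root) / "alice" / ".ssh"
        ssh.mkdir(parents=True)
        (ssh / "authorized_keys").write_text("ssh-ed25519 AAAAmanagedkey alice@laptop\n")
        (ssh / "authorized_keys2").write_text(
            "# constructed sample\n"
            "ssh-ed25519 AAAAmanagedkey alice@laptop\n"
            'no-pty,command="/bin/true" ssh-rsa AAAAunknownkey\n')
        return [(n, blob) for _, n, blob in audit_home(Path(root) / "alice")]

if __name__ == "__main__":
    print(demo())
```

Setting `AuthorizedKeysFile .ssh/authorized_keys` in sshd_config stops the second file from being read at all, so an audit like this then only needs to confirm that no authorized_keys2 files exist.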


lolhats 

@saphire for the first hour i thought that was a killjoy comment but now i stopped laughing yeah absolutely fair point


lolhats 

@CobaltVelvet

Taking over the production web servers, dns, etc, publicly disclosing everything /before/ going to devs and then calling themselves a "whitehat" after all that? Meh. That's not even funny.
