Mandrill Security Vulnerability!

PremiumN Member
edited March 2015 in General

Just got this through email: More info

**Important Security Notification From Mandrill**

We're writing to let you know that we recently discovered a security vulnerability in Mandrill's infrastructure that you should be aware of. At this time, we're confident that no customer data was compromised as a result of the vulnerability, but we feel it's our responsibility to let you know exactly what happened and what we're doing about it.

We discovered evidence on March 10 that automated attempts were made against Mandrill's internal logging servers in an effort to use them in a botnet. Analysis of the impacted servers, including network traffic logs and files present on the servers, indicates that these attempts were unsuccessful. There are no signs that the servers were targeted to access the data stored on them.

Upon further investigation, we found that the opportunity for this attack stemmed from a firewall change we made on February 20 in order to more granularly control access to some of Mandrill's servers. Parts of Mandrill's infrastructure are hosted with Amazon Web Services (AWS), and we use EC2 Security Groups to control access. One change was made to a security group that contained more servers than we intended to affect. As a result, a cluster of servers hosting Mandrill's internal application logs was made publicly accessible instead of allowing internal-only access...
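The failure mode in that notification is a rule change applied to a security group that is attached to more instances than the person making the change had in mind. The script below is an added example (not Mandrill's code, and not part of the original post): it previews the blast radius of a proposed security-group rule before it is applied, by listing every instance the group is attached to and diffing which instances would gain ports reachable from outside the internal address ranges. All group IDs, instance IDs, ports and CIDRs are constructed and embedded inline so it runs offline; the dict shapes only loosely follow what boto3's describe_security_groups and describe_instances return.

```python
"""Preview the blast radius of an EC2 security-group rule change (constructed example)."""
import copy
from ipaddress import ip_network

# Address ranges the organisation treats as internal (constructed values).
INTERNAL_RANGES = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12")]

# Constructed security groups. "sg-shared" was created for the web tier, but the
# log cluster reuses it, so a change to it touches more servers than intended.
SECURITY_GROUPS = {
    "sg-web": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
    "sg-shared": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
        {"IpProtocol": "tcp", "FromPort": 9200, "ToPort": 9200,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
    ],
}

# Constructed instances and the groups attached to each (hypothetical IDs).
INSTANCES = [
    {"InstanceId": "i-web-1", "Role": "web", "SecurityGroups": ["sg-web", "sg-shared"]},
    {"InstanceId": "i-log-1", "Role": "log-cluster", "SecurityGroups": ["sg-shared"]},
    {"InstanceId": "i-log-2", "Role": "log-cluster", "SecurityGroups": ["sg-shared"]},
]


def is_internal(cidr):
    """True if the CIDR lies entirely inside one of the internal ranges."""
    net = ip_network(cidr)
    return any(net.subnet_of(rng) for rng in INTERNAL_RANGES)


def public_ports(group_rules):
    """(proto, from, to, cidr) tuples in a group reachable from outside the internal ranges.

    A rule with no port fields (IpProtocol "-1", all traffic) is treated as 0-65535.
    """
    found = []
    for rule in group_rules:
        for r in rule.get("IpRanges", []):
            if not is_internal(r["CidrIp"]):
                found.append((rule["IpProtocol"], rule.get("FromPort", 0),
                              rule.get("ToPort", 65535), r["CidrIp"]))
    return found


def attached_instances(instances, sg_id):
    """Every instance the group is attached to: the set a rule change actually affects."""
    return sorted(i["InstanceId"] for i in instances if sg_id in i["SecurityGroups"])


def exposure(groups, instances):
    """Map instance id -> sorted list of publicly reachable (proto, from, to, cidr)."""
    result = {}
    for inst in instances:
        ports = set()
        for sg_id in inst["SecurityGroups"]:
            ports.update(public_ports(groups.get(sg_id, [])))
        result[inst["InstanceId"]] = sorted(ports)
    return result


def preview_rule(groups, instances, sg_id, rule):
    """Diff exposure before and after adding `rule` to `sg_id`, without mutating the input.

    Returns {instance_id: [newly public ports]} for instances that gain exposure only.
    """
    before = exposure(groups, instances)
    changed = copy.deepcopy(groups)
    changed.setdefault(sg_id, []).append(rule)
    after = exposure(changed, instances)
    return {iid: sorted(set(after[iid]) - set(before[iid]))
            for iid in after if set(after[iid]) - set(before[iid])}


if __name__ == "__main__":
    # A change meant for the web tier: open the log port to the world on "sg-shared".
    proposed = {"IpProtocol": "tcp", "FromPort": 9200, "ToPort": 9200,
                "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}
    print("sg-shared is attached to:", attached_instances(INSTANCES, "sg-shared"))
    for iid, ports in preview_rule(SECURITY_GROUPS, INSTANCES, "sg-shared", proposed).items():
        print(f"{iid} would newly expose {ports}")
```

Running it shows the two log-cluster instances gaining a world-reachable port alongside the web instance the change was meant for; the attached_instances listing is the check that catches the "more servers than we intended" mistake before the rule ships, and the same diff can run against live describe_* output by swapping the constructed dicts for API responses.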

Comments

  • Kupol Member
    edited March 2015

    Do people get fired for such a mistake ?

  • @Kupol said:
    Do people get fired for such mistake ?

    nah, slap on the wrist (unless u're a junior)

  • black Member

    You missed the important bits.

    There's no evidence that any customer data was queried or exported, but unfortunately, we can't completely rule out the possibility of access. So, we're being paranoid and letting you know the worst-case scenario. Although it's extremely unlikely, if we assume the attackers were able to access information stored on the servers when the firewall rules were changed, the following data about your Mandrill account could have been accessed:
    Internal logs with basic log data about emails sent between February 6 and March 10. These logs include sender address, recipient address, and subaccount used (if any), but do not include custom metadata or message content.
    At this time, you don't need to make any changes to your Mandrill account. We realize that notifying you may be an overreaction given the evidence, but we wanted you to be aware of the issue.
  • @black said:
    You missed the important bits.

    The email was long, which is why I attached it on a pastie at the top of the OP.

  • What a good thing email is not used for confidential information!

  • I'm sure they're fine.

  • Maounique Host Rep, Veteran

    nexmark said: I'm sure

    Never. We do not know if the sun will rise tomorrow for sure.
    Or some "volunteer" will "misfire" some nuke.

    From the way that is worded, it looks like some scanner reached some IPs which should not have been on the net unprotected, but the OS was updated and/or the scripts did not find the vulnerable services they were looking for.

  • Human error. It'll always be there until our computer overlords take care of everything.
