Mandrill Security Vulnerability!

PremiumN Member
edited March 2015 in General

Just got this through email: More info

**Important Security Notification From Mandrill**

We're writing to let you know that we recently discovered a security vulnerability in Mandrill's infrastructure that you should be aware of. At this time, we're confident that no customer data was compromised as a result of the vulnerability, but we feel it's our responsibility to let you know exactly what happened and what we're doing about it.

We discovered evidence on March 10 that automated attempts were made against Mandrill's internal logging servers in an effort to use them in a botnet. Analysis of the impacted servers, including network traffic logs and files present on the servers, indicates that these attempts were unsuccessful. There are no signs that the servers were targeted to access the data stored on them.

Upon further investigation, we found that the opportunity for this attack stemmed from a firewall change we made on February 20 in order to more granularly control access to some of Mandrill's servers. Parts of Mandrill's infrastructure are hosted with Amazon Web Services (AWS), and we use EC2 Security Groups to control access. One change was made to a security group that contained more servers than we intended to affect. As a result, a cluster of servers hosting Mandrill's internal application logs was made publicly accessible instead of allowing internal-only access...

I ❤ Laravel
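The failure mode the notification describes is a security group rule opened to the whole internet on a group that had more members than intended. The following is an added example, not Mandrill's code or anything from the original post: an offline audit that walks security group and instance descriptions in the shape boto3's `ec2.describe_security_groups()` and `ec2.describe_instances()` return, flags every ingress rule whose source is `0.0.0.0/0` or `::/0`, skips the ones on an explicit expected-public allow list (such as tcp/443 on a web tier), and reports how many instances each remaining rule exposes. The group IDs, instance IDs, CIDRs and port ranges in the sample data are constructed and hypothetical; in production you would feed the function the real API responses instead.

```python
"""Audit EC2 security groups for world-reachable ingress and the instances
behind each such rule. Runs offline on constructed data shaped like the
boto3 describe_security_groups / describe_instances responses."""
import ipaddress
from typing import Dict, List, Set, Tuple

# Constructed sample data (hypothetical IDs and addresses, not real infrastructure).
SAMPLE_GROUPS = [
    {
        "GroupId": "sg-web",
        "GroupName": "web-tier",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
             "Ipv6Ranges": [{"CidrIpv6": "::/0"}], "UserIdGroupPairs": []},
        ],
    },
    {
        "GroupId": "sg-logs",
        "GroupName": "internal-logs",
        "IpPermissions": [
            # The intended rule: reachable only from inside the VPC.
            {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
             "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": [],
             "UserIdGroupPairs": []},
            # The mistaken rule: all protocols from anywhere. Protocol "-1"
            # means all traffic and carries no FromPort/ToPort fields.
            {"IpProtocol": "-1",
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [],
             "UserIdGroupPairs": []},
        ],
    },
]

SAMPLE_INSTANCES = [
    {"InstanceId": "i-web-1", "SecurityGroups": [{"GroupId": "sg-web"}]},
    {"InstanceId": "i-log-1", "SecurityGroups": [{"GroupId": "sg-logs"}]},
    {"InstanceId": "i-log-2", "SecurityGroups": [{"GroupId": "sg-logs"}]},
    {"InstanceId": "i-log-3", "SecurityGroups": [{"GroupId": "sg-logs"}]},
]


def is_world(cidr: str) -> bool:
    """True for 0.0.0.0/0 or ::/0: a zero-length prefix matches every address."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def world_open_rules(group: dict) -> List[dict]:
    """Ingress rules of one security group whose source is the whole internet."""
    findings = []
    for perm in group.get("IpPermissions", []):
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        open_sources = [s for s in sources if is_world(s)]
        if open_sources:
            findings.append({
                "group": group["GroupId"],
                "name": group.get("GroupName", ""),
                "protocol": perm.get("IpProtocol"),
                # A protocol "-1" rule has no port range; treat it as every port.
                "from_port": perm.get("FromPort", 0),
                "to_port": perm.get("ToPort", 65535),
                "sources": open_sources,
            })
    return findings


def members(instances: List[dict]) -> Dict[str, List[str]]:
    """Map each security group ID to the instance IDs attached to it."""
    out: Dict[str, List[str]] = {}
    for inst in instances:
        for sg in inst.get("SecurityGroups", []):
            out.setdefault(sg["GroupId"], []).append(inst["InstanceId"])
    return out


def audit(groups: List[dict], instances: List[dict],
          expected_public: Set[Tuple[str, int]]) -> List[dict]:
    """World-open rules not on the expected-public allow list, each annotated
    with the instances it exposes. Only a single-port rule can be allow-listed,
    so an all-ports or all-traffic rule is always reported."""
    attached = members(instances)
    report = []
    for group in groups:
        for rule in world_open_rules(group):
            single_port = rule["from_port"] == rule["to_port"]
            if single_port and (rule["protocol"], rule["from_port"]) in expected_public:
                continue
            rule["instances"] = sorted(attached.get(rule["group"], []))
            report.append(rule)
    return report


if __name__ == "__main__":
    for f in audit(SAMPLE_GROUPS, SAMPLE_INSTANCES, {("tcp", 443)}):
        print(f"{f['group']} ({f['name']}): {f['protocol']} "
              f"{f['from_port']}-{f['to_port']} from {','.join(f['sources'])} "
              f"exposes {len(f['instances'])} instance(s): {', '.join(f['instances'])}")
```

The instance count per finding is the part worth watching: it is what turns "a rule got opened" into "a cluster of servers got opened", which is exactly the surprise the notification describes.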

Comments

• Kupol Member
    edited March 2015

    Do people get fired for such a mistake ?

  • @Kupol said:
Do people get fired for such a mistake?

nah, slap on the wrist (unless you're a junior)

    NodeFerret | Linux Server Monitoring [Join our Alpha!]

• black Member

    You missed the important bits.

    There's no evidence that any customer data was queried or exported, but unfortunately, we can't completely rule out the possibility of access. So, we're being paranoid and letting you know the worst-case scenario. Although it's extremely unlikely, if we assume the attackers were able to access information stored on the servers when the firewall rules were changed, the following data about your Mandrill account could have been accessed:
    Internal logs with basic log data about emails sent between February 6 and March 10. These logs include sender address, recipient address, and subaccount used (if any), but do not include custom metadata or message content.
    At this time, you don't need to make any changes to your Mandrill account. We realize that notifying you may be an overreaction given the evidence, but we wanted you to be aware of the issue.
  • @black said:
    You missed the important bits.

The email was long, which is why I attached it on a pastie at the top of the OP.

    I ❤ Laravel

  • What a good thing email is not used for confidential information!

  • I'm sure they're fine.

    Life is better when you're smiling

  • nexmark said: I'm sure

    Never. We do not know if the sun will rise tomorrow for sure.
    Or some "volunteer" will "misfire" some nuke.

From the way that is worded, it looks like some scanner reached some IPs which should not have been on the net unprotected, but the OS was updated and/or the scripts did not find the vulnerable services they were looking for.

    Extremist conservative user, I wish to preserve human and civil rights, free speech, freedom of the press and worship, rule of law, democracy, peace and prosperity, social mobility, etc. Now you can draw your guns.

  • Human error. It'll always be there until our computer overlords take care of everything.
