More Pale Moon drama. Insists BuyVM being responsible for the breach.

Since the last thread was closed down, here's a continuation:

He even suggests that @Francisco would've used master key to access his machine with that analogy.

Heck, the reason this happened to begin with is not even because we did anything wrong, but because an assumed-safe environment provided by a third party turned out not to be.

I'll draw an analogy for all the people who missed the details of the situation:
Compare it to living in an apartment building. You assume your apartment is safe because the door locks, and you always make sure to lock it and keep the key safely in your pocket. The building has a more secure entrance with a door that can't possibly be breached/picked open.
Now imagine having a break-in from either one of your fellow tenants because the lock on your apartment door is busted or crappy, or the landlord who just lets himself in with the master key. Whose fault would that be? Yours or the landlord's (in both cases)?
To continue the analogy: I've moved out of the building as a result, and will move to a building where I have known and trusted the landlord for many years.

https://forum.palemoon.org/viewtopic.php?f=17&t=22520&start=20

Then he censors all replies that say otherwise.

Thanked by 1uptime

Comments

  • stefemanstefeman Member
    edited July 2019

    He bans instantly anyone that replies something else than blaming BuyVM for the incident.

  • AmitzAmitz Member

    A new thread for the Kindergarten? Really? :wink:

  • Am I missing some drama here?...

    Thanked by 2netomx taubin
  • To whom does the finger point, it points at thee.

  • stefemanstefeman Member
    edited July 2019
  • AnthonySmithAnthonySmith Member, Patron Provider
    edited July 2019

    3 Mistakes.

    1. He/she/they OBVIOUSLY left the fucking window open.

    2. He/she/they assumed someone else took responsibility for locking his own door.

    3. He/she/they assumed it was the host's responsibility to secure the empty apartment they rented with NO pre-installed locks and its own individual door not in any way connected to the apartment entrance.

    1 Conclusion.

    idiot.

    /thread.

  • LeviLevi Member

    He is wearing a scale male, literally. Imagine: fat male around 45 years old, with pwned ego in a scale male sitting on a chair in dark room at his parents' basement.

    Thanked by 1merloat
  • deankdeank Member, Troll

    No one with a sane mind trusts any keys to any landlord.

    But that's just me.

    Thanked by 1that_guy
  • uptimeuptime Member

    nobody saw me do it you can't prove anything!

  • Should have just bought his own data center. Then again u might not be free of Snowden conspiracy theories. Damn this world is harsh.

  • AnthonySmithAnthonySmith Member, Patron Provider

    deank said: No one with a sane mind trusts any keys to any landlord.

    But that's just me.

    And leaves the windows open on a ground floor apartment and also blames the landlord.

  • RedSoxRedSox Member

    How to become a landlord?

  • Drama aside, is it really possible for the host to breach into kvm vps without removing / resetting the root password, e.g. Using The master password?

  • FAT32FAT32 Administrator, Deal Compiler Extraordinaire

    @yokowasis said:
    Drama aside, is it really possible for the host to breach into kvm vps without removing / resetting the root password, e.g. Using The master password?

    When there's a will, there's a way, I might not know how, but I would say yes

  • deankdeank Member, Troll
    edited July 2019

    @yokowasis said:
    Drama aside, is it really possible for the host to breach into kvm vps without removing / resetting the root password, e.g. Using The master password?

    Oh, yeah, easily possible. Just ask @Teamacc.

    His vps host just logged into his vps for fun.

  • donlidonli Member

    @yokowasis said:
    Drama aside, is it really possible for the host to breach into kvm vps without removing / resetting the root password, e.g. Using The master password?

    He who controls the physical hardware controls the contents of the physical hardware.

  • Gamma17Gamma17 Member
    edited July 2019

    With unencrypted "hdd" getting into VM from the host is as easy as shutting down VM for "node reboot required for updates" or whatever and mounting VM "hdd" on the host.
    Another question is - why would provider do it, and why would he then infect something with malware... a few situations could be imagined from just some employee having fun to some summerhost owner having fun, but how likely are they in this specific case?

    And the "statements" TBH look stupid... to the point when one might suspect something shady. Sure it cannot be just stupidity, right? Old, unmonitored windows VM exposed to internet was hacked, how surprising...

    Sad too, as I was using this browser. With such "smart" reaction to the issue... Why not just apologize, describe what measures were taken to prevent it in future, do the usual stuff? This stuff happens, it is not good but not the end of the world either. It is probably time to go search for some other browser...

  • williewillie Member

    Sheesh, if such an idiot was involved in that browser's development, someone please remind me not to use it.

    Thanked by 1pike
  • This isn't even drama. It's just stupidity. I see no reason why they ran a Windows server short of them not knowing how to set up a hardened Linux web server.

    Thusly it wouldn't surprise me at all that it was compromised. Only time you use Windows server is if you have zero choice in the application needed being Windows based.

    This isn't worth discussion, idk why it keeps getting posted. A provider is never responsible for intrusion. Frankly even if it occurred from another VM on the same node it's still the user's fault for not hardening it. Some users need to go with managed services.

    Actually I can't even figure out why they needed a Windows server to begin with? Why was the archive file itself not hosted on github, sourceforge, or a simple file hosting platform?

    Thanked by 1netomx
  • @AnthonySmith said:
    3 Mistakes.

    1. He/she/they OBVIOUSLY left the fucking window open.

    2. He/she/they assumed someone else took responsibility for locking his own door.

    3. He/she/they assumed it was the host's responsibility to secure the empty apartment they rented with NO pre-installed locks and its own individual door not in any way connected to the apartment entrance.

    1 Conclusion.

    idiot.

    /thread.

    I agree, the hosting provider is not responsible if you just buy a server and don't even harden it.

    The OP is probably an American who thinks he can blame other people for his own shit.

  • stefemanstefeman Member
    edited July 2019

    Cause it got posted to bleepingcomputer and zdnet and cisomag with all of them quoting francisco being at blame.

    This thread and the previous one should get enough SEO on Google to counter that liar that censors any free discussion of the incident to look good to journalists.

    Besides Francisco has not responded yet.

  • AnthonySmithAnthonySmith Member, Patron Provider
    edited July 2019

    yokowasis said: Drama aside, is it really possible for the host to breach into kvm vps without removing / resetting the root password, e.g. Using The master password?

    Incredibly easy if not encrypted, no password even required, I could clone your file system, make changes and splice bits back in if I really wanted to, while it would leave some trace if you don't know what you are looking for, 99% don't, you would never know.

  • deankdeank Member, Troll
    edited July 2019

    What surprised me the most was the fact that someone actually used a Windows server for something other than an exchange server.

    Thanked by 1that_guy
  • ITLabsITLabs Member

    @RedSox said:
    How to become a landlord?

    1. Buy land
    2. Go to elitetitles.co.uk
    3. Buy a lifetime Lord title
    4. Land + Lord = landlord
    5. $$ profit $$
    Thanked by 2RedSox that_guy
  • AnthonySmithAnthonySmith Member, Patron Provider
    edited July 2019

    Gamma17 said: With unencrypted "hdd" getting into VM from the host is as easy as shutting down VM for "node reboot required for updates" or whatever and mounting VM "hdd" on the host.

    Sorry to burst your bubble but no reboot, shutdown required, for at 'least' 4 years the ability for a KVM host to have full view of your filesystem has been trivial, it might as well be OpenVZ.

    The ability for any one with a KVM VPS to prevent that is also trivial though, people make a choice to trust hosts, they also make a choice to use that as an excuse not to make basic "just in case" efforts.
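A guest-side check for the point made in the post above, as an added example that is not part of the original thread: it walks `lsblk -J` output and lists every mounted filesystem with no dm-crypt layer underneath it, i.e. the ones a host can read straight off the virtual disk. The sample device tree and the function names are constructed for illustration.

```python
import json
import subprocess

# Constructed sample of `lsblk -J -o NAME,TYPE,FSTYPE,MOUNTPOINT` output from a
# hypothetical KVM guest: /boot is plain ext4, / sits on LUKS, /srv does not.
SAMPLE = """
{"blockdevices": [
  {"name": "vda", "type": "disk", "fstype": null, "mountpoint": null, "children": [
    {"name": "vda1", "type": "part", "fstype": "ext4", "mountpoint": "/boot"},
    {"name": "vda2", "type": "part", "fstype": "crypto_LUKS", "mountpoint": null,
     "children": [
       {"name": "root", "type": "crypt", "fstype": "ext4", "mountpoint": "/"}
     ]}
  ]},
  {"name": "vdb", "type": "disk", "fstype": "xfs", "mountpoint": "/srv"}
]}
"""


def host_readable_mounts(lsblk_json):
    """Return sorted (mountpoint, device) pairs with no dm-crypt layer below them."""
    found = []

    def walk(node, encrypted):
        # A node of type "crypt" is an opened LUKS/dm-crypt mapping; everything
        # stacked on top of it is stored as ciphertext on the virtual disk.
        encrypted = encrypted or node.get("type") == "crypt"
        mount = node.get("mountpoint")
        if mount and not encrypted:
            found.append((mount, node["name"]))
        for child in node.get("children", []):
            walk(child, encrypted)

    for dev in json.loads(lsblk_json)["blockdevices"]:
        walk(dev, False)
    return sorted(found)


def live_report():
    """Run the same check against this machine's real block devices."""
    out = subprocess.run(
        ["lsblk", "-J", "-o", "NAME,TYPE,FSTYPE,MOUNTPOINT"],
        capture_output=True, text=True, check=True,
    ).stdout
    return host_readable_mounts(out)


if __name__ == "__main__":
    for mount, dev in host_readable_mounts(SAMPLE):
        print(f"{mount} on {dev}: plaintext on the virtual disk")
```

An unencrypted `/boot` is common on LUKS installs, and encryption at rest does not hide the unlocked key from a host that can read guest memory.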

  • HarambeHarambe Member, Host Rep

    No established provider has the time, nor interest, to dick around in customer servers. Let alone a fucking Windows server that's hosting publicly accessible files. Talk about delusional, and completely unwilling to accept responsibility for his box getting popped for not securing it.

    Regarding his dumb analogy, I wonder if he left his BuyVM internal IP poorly protected and someone on the location-wide internal network popped his unpatched Windows box. I mean, you shouldn't do that and it should be a zero tolerance termination policy if you're caught poking at other customers.. but it would be pretty entertaining if that was the case.

    Thanked by 2PureVoltage RedSox
  • williewillie Member
    edited July 2019

    AnthonySmith said: for at 'least' 4 years the ability for a KVM host to have full view of your filesystem has been trivial, it might as well be OpenVZ.

    Does disk encryption make it much harder? Next idea after that I guess would be nested virtualization with the inner KVM handling the encryption and maybe a QEMU patched to obfuscate the RAM contents.

  • @AnthonySmith said:

    Sorry to burst your bubble but no reboot, shutdown required, for at 'least' 4 years the ability for a KVM host to have full view of your filesystem has been trivial, it might as well be OpenVZ.

    The ability for any one with a KVM VPS to prevent that is also trivial though, people make a choice to trust hosts, they also make a choice to use that as an excuse not to make basic "just in case" efforts.

    Obviously reading is trivial.
    Writing, however, would require shutdown as otherwise things will break.
    I just assumed that "breaking in" in this case is either fs modification or getting access to the running OS, as files were obviously modified.

  • AnthonySmithAnthonySmith Member, Patron Provider
    edited July 2019

    Gamma17 said: Writing, however, would require shutdown as otherwise things will break

    Sorry, it's really simple, it requires no shutdown, in fact some of the automation these days depends on that.

    Obviously with malicious intent the host would have to think about the disruptive processes but that assumes joe avg would notice an 'insert application or service' being down for +/- 1 second.

  • @AnthonySmith said:

    Sorry, it's really simple, it requires no shutdown, in fact some of the automation these days depends on that.

    Obviously with malicious intent the host would have to think about the disruptive processes but that assumes joe avg would notice an 'insert application or service' being down for +/- 1 second.

    Honestly I see no way how a write could happen to a VM disk from outside with a running OS and a 100% guarantee that it will not crash or break something. Unless it is something very specific with very well known guest OS behavior regarding that thing.
    Or am I wrong and missing something? How does one modify the MFT to increase file size for example, while there is a whole OS running on that FS with unknown operations to exactly the same MFT happening at the same time?
