How to handle a tech security incident

Security


One of my favourite apps had a security incident this week. Buffer is a social media management tool that allows you to schedule posts into a “buffer” that posts on a predetermined schedule so you aren’t bombarding people with all your content at once. It’s a great app and I’ve been using it for over a year.

One of the things that differentiates the Buffer experience from competing products is that their management team are AMAZING communicators. They haven’t lost touch with who they are as things have grown, and this week’s experience is no exception. Buffer’s handling of what could be a fatal experience for a startup is an awesome example of why they are going to be very, very successful in the future.

Project Titanicarus: Part 9 – Building the Email Servers


Email servers... the bane of every sysadmin’s existence. The second something goes wrong with an email server, you’re guaranteed to get 100 phone calls and people dropping by your office to say “My emails aren’t working”. This is one part of your hosting infrastructure you want to get right.

I’ve decided to build my infrastructure on Postfix & Dovecot with a MySQL user database. My previous email setup was built using this howto. One of the major issues I ran into was with Courier’s inability to handle large mailboxes, so I’ve decided to use a similar setup, only with Dovecot in place of Courier, and with a couple of other major differences:

  1. This is going to be a highly distributed configuration (i.e. multiple servers in multiple datacentres)
  2. This is going to sit behind load balancers (brings interesting spam filtering and security issues)
  3. This is going to use a clustered MySQL backend

So the goal of today’s blog post is to deliver:

  • Multi-server & multi-datacentre replicated mail stores
  • Fault tolerance (pull a server out at any time of the day and mail keeps flowing)
  • POP3 & IMAP user access
  • Authenticated SMTP Submission
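
The “Authenticated SMTP Submission” goal is the one that most often goes wrong in a load-balanced setup, because the same Postfix instance ends up serving inbound mail on port 25 and client submission on port 587. The fragment below is an added illustration of how that is normally separated with Postfix and Dovecot; it is not configuration from the Titanicarus series itself, and the socket path, user names and certificate paths are assumptions for the example. Only the submission service requires TLS and SASL authentication, and it refuses everything that is not an authenticated client, so a misconfigured port 25 listener cannot quietly turn into an open relay for authenticated-looking traffic.

```conf
# /etc/postfix/master.cf (added example, not the series' own config)
# Port 25 stays as the plain inbound MX service; relaying for
# unauthenticated clients is governed by the main.cf restrictions.
smtp       inet  n  -  y  -  -  smtpd

# Port 587: clients only. Every option here overrides main.cf for
# this listener alone, so inbound mail handling is unaffected.
submission inet  n  -  y  -  -  smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_auth_only=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject

# /etc/dovecot/conf.d/10-master.conf (added example)
# Dovecot exposes its authentication backend (the MySQL user table
# configured elsewhere in Dovecot) on a unix socket inside the Postfix
# chroot, which is what smtpd_sasl_path=private/auth above refers to.
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode  = 0660
    user  = postfix
    group = postfix
  }
}
```

Two checks worth running once this is in place: `openssl s_client -starttls smtp -connect host:587` should show AUTH offered only after STARTTLS, and a plain `telnet host:587` followed by `MAIL FROM`/`RCPT TO` should be rejected before any message is accepted. Behind a TCP load balancer, bear in mind that smtpd sees the balancer’s address rather than the real client’s, so any IP-based allow/deny lists or DNS blocklist lookups on port 25 only work if the balancer speaks the PROXY protocol and Postfix is told to expect it (`smtpd_upstream_proxy_protocol = haproxy`).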


Project Titanicarus: Part 8 – Building the FTP Servers


I personally hate & never use FTP, but some people prefer/need it for their development tools to work. Today we’re going to install ProFTPd on our servers using MySQL-based virtual users. The following instructions are adapted from this really good howto; if I’ve missed something you may want to check the original version, which I’ve recreated here just in case the other one goes away.

David Cecil – ‘Evil’ the NBN hacker jailed


What started as an investigation into a misbehaving DNS server in December 2010 grew into a multinational Australian Federal Police operation & media circus covering the “NBN Hacker”, culminating in the arrest, conviction and sentencing of David Cecil (who went by the online moniker “Evil”) today in Orange District Court.

ITNews Article – “Evil” Platform hacker jailed: http://t.co/oGZ9S6pB

There has been much spectacular and often misinformed reporting on this case. The sad thing is that this kind of case is not a rare event: system compromises happen all the time to businesses large and small all over the world. What is unique about this case is that there has been an arrest and subsequent conviction.

When we discovered the problem we did what others fail to do: we took an evidence-based approach, we observed, collected data and sandboxed the risk over a 7 month period, and we were not afraid to stand up and be named. This approach allowed us to assist the AFP in achieving a successful conviction, and ensured that we were able to protect our customers, and the internet in general, from the risks that the investigation was monitoring.

Now that the case is over and I am able to talk about more of the operational details, I plan to write up a case study covering the key learnings I took away from the case, along with some suggested processes that can be followed if you are ever confronted with a similar situation.

If you’re impatient and want the information faster than I can write it, please feel free to drop me an email or give me a call.

Judgement – issued today:


Date of Listing: 22 Jun 2012 before Judge A Blackmore at District Court – Crime, Orange
Appearances:
  • Cecil, David Noel, Accused
  • NSW Police, Prosecuting Authority
Offence:
Actual offence – Unauthorised access/modification of restricted data
2011/00241456-001, 2011/00241456-004, 2011/00241456-005, 2011/00241456-008, 2011/00241456-009, 2011/00241456-011, 2011/00241456-015, 2011/00241456-018, 2011/00241456-019, 2011/00241456-020, 2011/00241456-024, 2011/00241456-036, 2011/00241456-037, 2011/00241456-042, 2011/00241456-043, 2011/00241456-044, 2011/00241456-045, 2011/00241456-046

Sentence:
The offender, David Noel Cecil, is sentenced to a term of imprisonment of 6 months to commence on 5 April 2012 and expiring on 4 October 2012

This sentence is Concurrent with other sentences being served by the offender.

The offender is sentenced to a period of 6 months (fixed) full time imprisonment to commence on 5 April 2012. These 18 sentences are to be served concurrently.

Offence:
Actual offence – Cause unauthorised modification of computer data 2011/00241456-049

Sentence:
The offender, David Noel Cecil, is sentenced to a term of imprisonment of 2 years to commence on 5 July 2012 and expiring on 4 July 2014 with a non-parole period of 12 months. The offender is to be released to supervised parole when the non-parole period expires.

This sentence is Partly concurrent with other sentences being served by the offender.

There is to be a partial accumulation of the two unauthorised modification of data to cause impairment charges.

The offender is sentenced to a period of 2 years imprisonment to commence on 5 July 2012. There is to be a non-parole period of 12 months.

During the period of the recognisance the offender is to accept the direction and supervision of the NSW Probation and Parole Service.

Offence:
Actual offence – Cause unauthorised modification of computer data
2011/00241456-050

Sentence:
The offender, David Noel Cecil, is sentenced to a term of imprisonment of 2 years to commence on 5 October 2012 and expiring on 4 October 2014 with a non-parole period of 12 months. The offender is to be released to supervised parole when the non-parole period expires.

This sentence is Partly concurrent with other sentences being served by the offender.

The offender is sentenced to a period of 2 years imprisonment to commence on 5 October 2012. There is to be a non-parole period of 12 months.

During the period of the recognisance the offender is to accept the direction and supervision of the NSW Probation and Parole Service.

