[foaf-dev] FOAF sites offline during cleanup

paola.dimaio at gmail.com paola.dimaio at gmail.com
Sun Apr 26 19:21:05 CEST 2009


Reposting my reply without the contentious analogy, as suggested

Additional information about research on the psychological and emotional
abuse  in relation to  server and email hacks available on request

apologies to who  was offended by me sharing my personal response to this
kind of experience

PDM


On Sun, Apr 26, 2009 at 2:07 PM, <paola.dimaio at gmail.com> wrote:

> Hi Dan
>
> thanks for the update, you mentioned something of the kind last week.
>
> I once researched an published an article for IT week, ZDNet must have been
> over ten years go, about hacker culture. I dont remember the name of the guy
> who spoke to me, but he had started a small security firm somewhere around
> London, He explained all about red hats and black hats etc
> It was an extremely informative experience.
>
> He told me that when someone hacks our site, is often 'doing us a favour'
> I thought the guy was being sarcastic but he was serious, I understood
> later
>
> He explained that too often people disregard security matters etc etc and
> (cause they are busy concentraing on the front end or other matters
> perhaps?) and bringing down their sites was the only way to make them face
> the fact that their servers and systems had simply not secure enough, and
> obviously nobody was paying attention
>
> Many of us have been busy elsewhere, but I think this experience should be
> a learning one, if anything
>
> I was wondering why the emphasis was on FOAF+SSL lately, and today I went
> to do some reading, there is some recent literature that maybe we should
> catch up with
>
> I think if FOAF was *my* baby I would try to find out who hacked it or at
> least how, and reverese engineer the security strategy from a vulnerability
> assessment. Get hackers to do do vulnerability assessment, was the bottom
> line of that article
>
> I dont know enough how how the server were set up to give input, but let me
> find them guys again
>
> search for ' FOAF exploit'
>
> http://www.vupen.com/english/advisories/2006/4009
>
> http://www.milw0rm.com/exploits/2506
>
>
>
>
>
>
>
> On Sun, Apr 26, 2009 at 1:31 PM, Dan Brickley <danbri at danbri.org> wrote:
>
>>
>> The server hosting several FOAF related sites has been compromised.
>>
>> I am taking everything offline until I can be 100% sure we are clean of
>> malicious PHP and suchlike (and moved to Amazon EC2 hosting). Apologies for
>> any inconvenience. My own site at danbri.org is also affected.
>>
>> The Subversion files behind the FOAF spec and other materials are on a
>> different machine, and remain online. See:
>>
>> http://svn.foaf-project.org/foaf/trunk/xmlns.com/htdocs/foaf/
>>
>> I will send a status update to foaf-dev,foaf-protocols and semantic-web at
>> the end of the week.
>>
>> In the meantime, I would like everyone on these lists to think about
>> strategies for reducing our exposure to hacked RDF schemas. I believe the
>> best approach today is to use a subset of XML Signature, and have talked
>> with Thomas Roessler (cc:'d) a bit during WWW2009 about what such a spec and
>> toolset might look like. I expect to continue and track that conversation
>> through the new W3C SocialWeb incubutor group.
>>
>> I'll keep you all posted. Apologies for any inconvenience.
>>
>> Dan
>>
>>
>

-- 
Paola Di Maio,
****************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.foaf-project.org/pipermail/foaf-dev/attachments/20090426/7e37945e/attachment.htm 


More information about the foaf-dev mailing list