[volunteergrid2-l] I'm sorry, but Introducer furl leaked

[Johannes Nix]

Hello Slush,

I am shocked and sorry that this happened
to you. And it's especially irritating
that this hit you and Gavin who've done
so much for this interesting project.

With respect to the grid, I think it
could be better to temporarily switch off 
archiving and publishing of mails to 
this list, if this is possible.

I see two main risks for the grid:
First is denial of service against
introducer or nodes. The second would
be that attackers might try to follow
network connections and to break
into other node machines. This is unlikely as
chances of finding anything valuable
are low, but it can't be excluded. 
So it's probably advisable that everyone 
tries to keep his nodes as secure as possible
- especially mail passwords and the
private/aliases file. The truly paranoid
ones will print their aliases on paper
and delete them now....


The introducer furl is certainly compromised
in the technical sense.
I think a possible misuse could 
be avoided by two steps, 1) changing it
and 2) distribute the new one
in a secure way to all genuine members. 
The second looks like the more difficult 
part, because we do not have a set of 
trusted public keys of each member of the 
grid. Maybe a copy of node contact adresses
from before the incident is around?

Johannes 


----- Ursprüngliche Mitteilung -----
> Hi all,
> 
> I had deep-check cronjob on the same machine which has been hacked
> today (see
> http://bitcoinmedia.com/compromised-linode-coins-stolen-from-slush-faucet-and-others/).
> Although it looks like attackers come just for my bitcoins, they had
> also access to tahoe config, so we should expect that introducer furl
> leaked as well. How we should resolve this issue?
> 
> Best,
> slush
> _______________________________________________
> volunteergrid2-l mailing list
> volunteergrid2-l at tahoe-lafs.org
> http://tahoe-lafs.org/cgi-bin/mailman/listinfo/volunteergrid2-l
> http://bigpig.org/twiki/bin/view/Main/WebHome