[sf-lug] who or what permitted

Michael Paoli Michael.Paoli at cal.berkeley.edu
Thu Jul 28 19:37:28 PDT 2016


Yes, there's the question of who/what had access, and could've done it.
Not sure how much is logged with the list software, host, etc., but
one semi-random bit of data I have (and off of that host), is I have
a daily rsync backup of the list archive, and more notably in this case,
likewise overnightly backup of the subscriber list - which is stored under
version control with history 'n such.  So, ... if, say, user subscribed,
spammed, unsubscribed - if they were subscribed "long enough" I'd have the
data that they at least *were* on the roster.  "Of course" if they weren't
on the roster when that nightly updated data is transferred, well, then there
wouldn't be anything to see there.  But it might be at least *slightly*
useful - or could be in some circumstances.  E.g. host compromise ...
that data is saved/archived/backed up off of the list server.

And, there's also the who has access - with great power comes
great responsibilities ... or, as I sometimes have occasion to tell
managers that, e.g. request they (also) have root password when they don't
really need it and shouldn't have it, one of the first things I
tell them is, approximately, "So, when something *really bad* happens on the
host, you also want to be among the suspects that have sufficient access to
have done so?"

Anyway, ... I do think I still have at least some privileged access on
that host (the access itself, at least, which I keep very well secured).
Don't think I've been on the host for a fair while - let alone making any
use of privileged access there.  Also don't think I have password(s)
for specifically managing list(s) on that host.  At least that's
off-the-top-of-my-head, anyway.  I'd have to check my notes and
access information, and possibly host itself, if there was need/reason
to check further ... but at present I'm quite busy with other stuff.

> From: "Rick Moen" <rick at linuxmafia.com>
> Subject: Re: [sf-lug] MEGA Invitation
> Date: Thu, 28 Jul 2016 15:17:25 -0700

> Quoting Jim Stockford (jim at well.com):
>
>>
>>     I now see that sf-lug itself has an
>> invitation to MEGA.nz.
>>     My latest guess is that someone captured
>> info from Jason's cellphone.
>
> Jim --
>
> You are not addressing the data at hand.
>
> The data are:  A non-subscriber post with a 'From:' address of support at mega.nz
> transited through Mailman to the subscribers.  Mailman is configured
> (correctly) to hold all non-subscriber mail in the admin queue, and held
> mail expires automatically out of the queue (is discarded) after 5 days
> if not manually approved.
>
> The mystery of who or what permitted that otherwise not-allowed action
> is unresolved.
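
Added example, not part of the original message or of the list's tooling: one way to query nightly subscriber-roster snapshots like those described above, to see who was on the roster and when, including the blind spot for anyone who joined and left between two snapshots. The snapshot data, addresses and function names are constructed for illustration, and it assumes the snapshots have already been read out of version-control history into a date-to-roster mapping.

```python
from datetime import date

# Constructed sample data: nightly roster snapshots, as they might be read
# out of version-control history (date of snapshot -> subscriber addresses).
SNAPSHOTS = {
    date(2016, 7, 25): {"alice@example.org", "bob@example.org"},
    date(2016, 7, 26): {"alice@example.org", "bob@example.org", "carol@example.net"},
    date(2016, 7, 27): {"alice@example.org", "carol@example.net"},
    date(2016, 7, 28): {"alice@example.org", "bob@example.org"},
}

def membership_intervals(snapshots):
    """Map each address to a list of (first_seen, last_seen) snapshot dates."""
    intervals, open_runs, prev = {}, {}, None
    for day in sorted(snapshots):
        roster = snapshots[day]
        for addr in list(open_runs):          # close runs that ended
            if addr not in roster:
                intervals.setdefault(addr, []).append((open_runs.pop(addr), prev))
        for addr in roster:                   # open runs that started
            open_runs.setdefault(addr, day)
        prev = day
    for addr, start in open_runs.items():     # runs still open at the end
        intervals.setdefault(addr, []).append((start, prev))
    return intervals

def departed(snapshots):
    """Addresses seen in some snapshot but absent from the newest one."""
    latest = snapshots[max(snapshots)]
    return {a: runs for a, runs in membership_intervals(snapshots).items()
            if a not in latest}

def roster_evidence(snapshots, sender):
    """Intervals during which `sender` was on the roster; [] means the
    snapshots never saw it, which is not proof it was never subscribed:
    a subscribe/post/unsubscribe between two snapshots leaves no trace."""
    return membership_intervals(snapshots).get(sender.lower(), [])

if __name__ == "__main__":
    for addr, runs in sorted(departed(SNAPSHOTS).items()):
        print(addr, [(a.isoformat(), b.isoformat()) for a, b in runs])
    print(roster_evidence(SNAPSHOTS, "sender@example.com"))
```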
