05 Jun, 2009, David Haley wrote in the 2nd comment:
When production servers can automatically log into offsite backups, the offsite backups are as secure as the production server. One user put it well in the comments:
It is kind of amusing for a "security <meaning exploits, cracks, etc.> site" to be hacked like this. Karma I guess.
Quote
One strategy that I employ to mitigate this is to have my backup service connect to the production server, rather than the other way around. That way if your production services are compromised, your backups remain untouched (on a machine that's running no services, behind a firewall, etc, and for all intents invisible).
It is kind of amusing for a "security <meaning exploits, cracks, etc.> site" to be hacked like this. Karma I guess.
05 Jun, 2009, Zeno wrote in the 3rd comment:
Yeah, I don't exactly have faith in this "security team" at Astalavista. Plain text passwords? Smooth.
g0tshell still makes me wonder though.
g0tshell still makes me wonder though.
05 Jun, 2009, tphegley wrote in the 4th comment:
A sick sense I have is to laugh and think that its funny that this happened to astalavista….but on the other hand, man…ruthless hacking. Plaintext passwords though? Really?
09 Jun, 2009, Zeno wrote in the 5th comment:
09 Jun, 2009, tphegley wrote in the 6th comment:
I guess there are some people that you just don't want to mess with…
09 Jun, 2009, Guest wrote in the 7th comment:
Well I certainly hope I never cross paths with those guys. Jesus.
http://news.ycombinator.com/item?id=6426...
Google cache still shows the site as when it was hacked with that info.
All I can say is wow. Even managed to delete their offsite backups.