A worm on the network server?

Bug reports, feature suggestions etc...

Moderators: Programmer, WebWeaver, WillowsHeart

PinkKitty
Evaluation User
Posts: 24
Joined: Sat 17 Aug, 2013 2:15 pm

A worm on the network server?

Post by PinkKitty »

I know I can't be the only one that paused at the letter in the Update email.
Quoted from the official email:
"The reason for the outage in these services, which has lasted since January, is that the old server appeared to have become infected with some kind of virus or worm. This meant it had to be wiped and set up again from scratch and unfortunately during this process all the card data and spreads which users had uploaded, as well as the cached data in the peer-to-peer deck exchange, was lost."

I'd like to know which worm it was, how it was removed, whether users of the system were affected, and how the SysOps are preventing future security issues. Thanks
kitty
Programmer
Major Contributor
Posts: 1725
Joined: Sat 01 Jan, 2005 12:00 am
Location: Spain

Re: A worm on the network server?

Post by Programmer »

Hi Kitty,

Thanks for posting. When I wrote the email about the new version I was conscious that I should have perhaps given a longer explanation, but I wanted to be brief in what was an unsolicited email, while at the same time explaining why all the shared files had been lost. I will be glad to explain it a bit more here anyway.

With the benefit of hindsight I actually think there probably never was a security breach on the server. The reason I thought there was, and I went into a bit of a panic about it, is because I noticed that in Internet Explorer the installation files were displaying a warning message saying they did not have a valid digital signature. The usual reason for this warning message appearing is if the file has been tampered with at some point after signing.

I now think that the reason that message was appearing is that Microsoft introduced something called Smart Filtering. I have since discovered that this "innovation" on the part of Microsoft has caused a great deal of upset amongst small software vendors because it throws up very scary looking warning messages, often about perfectly safe downloads. At the same time they did this Microsoft stopped recognising any kind of digital signature except ones from Verisign. My digital code signing certificate costs about a hundred dollars a year and it is not from Verisign (if it was it would cost $500). This is why if you try to install the program now using IE it tells you that the program is from an unknown publisher, but if you do the same in Chrome it recognises that it is signed by Richard Jefferies.

Anyway, I didn't know about that then and I went into a panic because I was working lots of overtime in my day job and I knew I had no time to try to investigate and fix a compromised server. This was a virtual dedicated server running Windows Server 2008 and I had done all the configuration, including the security configuration, the Firewall and everything else myself, and I have to admit that I am not really a qualified network engineer, so it seemed quite possible to me that I had done something wrong or overlooked some vulnerability.

What I did after I pulled the plug on that is move over to a normal web hosting deal (the dedicated server was really a bit of overkill for what I needed), so now all the server administration is handled by qualified professionals at Hosting UK and I just connect and manage the web site within the safe parameters that they define.

So in summary a) I am not really sure the files had been infected at all and b) I have moved on to a much safer arrangement that is also much easier for me to manage.

In case anyone is interested, here is a discussion thread on MSDN which captures the general mood in the developer community about "Smart Filtering": http://social.msdn.microsoft.com/Forums ... ter-in-ie9.

I hope this helps clarify it. The good news is that people already seem to be resharing their files so perhaps not so much was lost in the transition.

Cheers,
Richard
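
The question raised in this thread, whether a signature warning means the file changed after signing or only that the publisher is not recognised, can be checked on a local copy of the installers. The script below is an added example, not code from the thread or from the project; the folder path `C:\staging\installers` and the function name `Get-SignatureTriage` are hypothetical.

```powershell
# Added example: classify the Authenticode status of downloaded installers so
# that "contents changed after signing" is separated from "publisher not trusted".
param(
    [string]$InstallerDir = 'C:\staging\installers'   # hypothetical local copy
)

function Get-SignatureTriage {
    param([Parameter(Mandatory)][string]$Path)

    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # Map each status to what it means for an integrity investigation.
    $verdict = switch ([string]$sig.Status) {
        'Valid'        { 'Signature verifies and the chain is trusted on this machine' }
        'HashMismatch' { 'File hash differs from the signed hash: contents changed after signing' }
        'NotSigned'    { 'No signature present: compare the hash with the original build output' }
        'NotTrusted'   { 'Certificate is not trusted on this machine: a trust decision, not a content change' }
        'UnknownError' { 'Validation failed: read StatusMessage (for example a chain or root problem)' }
        default        { "Unhandled status: $($sig.Status)" }
    }

    [pscustomobject]@{
        File          = Split-Path -Path $Path -Leaf
        Status        = $sig.Status
        StatusMessage = $sig.StatusMessage
        Signer        = $sig.SignerCertificate.Subject      # empty when unsigned
        Thumbprint    = $sig.SignerCertificate.Thumbprint
        CertNotAfter  = $sig.SignerCertificate.NotAfter
        # Hash to compare against the copy produced by the build machine.
        SHA256        = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        Verdict       = $verdict
    }
}

Get-ChildItem -LiteralPath $InstallerDir -File |
    Where-Object { $_.Extension -in '.exe', '.msi' } |
    ForEach-Object { Get-SignatureTriage -Path $_.FullName } |
    Format-List
```

Only `HashMismatch` indicates that the bytes differ from what was signed; the other non-valid statuses describe trust or validation on the checking machine, so the SHA256 column should still be compared with the original build before drawing a conclusion.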