
cacert-sysadm - Arbitration case a20120626.1 - Possible compromise of critical secrets

cacert-sysadm AT lists.cacert.org

Subject: CAcert System Admins discussion list

  • From: "Alex Robertson" <alex-uk AT cacert.org>
  • To: <cacert-arbitration AT lists.cacert.org>
  • Cc: <cacert-sysadm AT lists.cacert.org>, <cacert-board AT lists.cacert.org>, <arbitration-archives AT cacert.org>
  • Subject: Arbitration case a20120626.1 - Possible compromise of critical secrets
  • Date: Thu, 28 Jun 2012 12:35:59 +0100

Dear Critical Team, Board, Case Managers, Arbitrators,

Hi,

I have initialized an Arbitration case a20120626.1, you can find its current state at https://wiki.cacert.org/Arbitrations/a20120626.1

The search for a Case Manager and Arbitrator is still open.

As the next step a Case Manager or Arbitrator will contact you with an initial mailing as soon as he gets appointed to this case.

--

Kind Regards

Alex Robertson

iCM

---- Forwarded message from Wytze van der Raay <wytze AT cacert.org> ---

From: Wytze van der Raay <wytze AT cacert.org>
To: cacert-systemlog AT lists.cacert.org
Cc: CAcert Board <cacert-board AT lists.cacert.org>, Support <support AT cacert.org>
Subject: recovery from possible compromise of critical secrets
Date: 2012-06-26 18:48:04

> On June 26 at 10:00 CEST it was discovered that a piece of paper
> containing a subset of the critical secrets kept by CAcert critical
> system administrators had been inadvertently left in the server room
> BIT-2B in Ede. Around the same time the paper was discovered by a BIT
> employee checking the server room, and immediately given in the
> custody of BIT's security officer via Stefan Kooman, Oophaga Access
> Engineer and BIT employee. At 14:00 CEST the paper was returned to
> Mendel Mobach, CAcert critical system administrator.
>
> In principle the data from that piece of paper could have been used
> between June 22, 20:20 CEST and June 26, 10:00 CEST to compromise one
> or more of CAcert's critical systems. However, the following
> mitigating factors have been in place:
> a) none of the secrets provided a capability to access a critical system
>    remotely, i.e. without physical access to a server in the BIT server room;
> b) physical access to the systems in the BIT server room was possible only
>    for people with access to the server room plus access to the key of the
>    CAcert cabinet (i.e. BIT employees and Oophaga Access Engineers). However,
>    the logs are showing that no console logins have been performed during
>    this time period.
>
> Therefore we are pretty confident that no unauthorized access has
> taken place since the subset of secrets was lost and before the time
> we were able to go through all the affected systems and change the
> relevant passwords/secrets.
>
> On June 26 between 15:00 CEST and 16:00 CEST the following passwords
> and encryption keys have been changed:
>
>   infra01 (sun1): ILO, root
>   sun2:   ILO, luks, root
>   sun3:   ILO, luks, root
>   sun4:   ILO, luks, root
>   hopper:  luks, root
>   logger:  luks, root
>   ns:   luks, root
>   ocsp:   luks, root
>   webdb:  luks, root
>   signer:  luks, root
>
> Still to be done:
>   backup disks (both sets), these are in two vaults at Oophaga
>
> -- end

---- End forwarded message ---

Attachment: smime.p7s
Description: S/MIME cryptographic signature



