Re: RFC 9205 vs. CL0P

Hundreds more companies and millions more users affected by the MoveIt breach since my last post, which continues to reverberate globally. Yet still, crickets from the HTTP world. Yeah, we're all "experts" at online privacy, but at some point ya gotta share your info with an insurer, hospital, homeowner's association, or whatnot. Even if they aren't using MoveIt, they're probably outsourcing something to someone who does. 

This isn't me whining about not getting a +1 on updating the best-practices document, I get that I have an abrasive online persona. But I am very disappointed that nobody else in the HTTP world has anything to say about this? I hate being a lone voice in the wilderness, and wonder if I'm the only one free to speak out because my career path has long since diverged from HTTP. Is everyone else in ostrich mode, because their employer/client is breached, or they signed an NDA covering this? Bueller?

The only vindication/schadenfreude I feel, is due to my initial "just use FTP" comments on resumable uploads being met with "FTP is obsolete and irrelevant." MoveIt is FTP software that impacts us all (in ways we wouldn't have known until now), far beyond what "protocol traffic" statistics show. Hope everyone gets that, now. But guess what? FTP was only indirectly compromised, here, via naive HTTP "front-door" implementation. Can't believe this WG has nothing to say on the matter?

Once past the script-kiddie compromise dating back to 2021 (exploiting a weakness that's been in Ipswitch's code since the mid-90's), the sophisticated part was absconding with the data... via FTP. The cloppers' problem has been redistributing the stolen data. Their webserver can't handle it, and they don't have FTP mirrors, because nobody wants to foot the bill. So their solution now, is of course bittorrent. All you need from HTTP is a "magnet link" which can also be traded via email, or text.

We can't even muster a simple, "Don't process raw SQL queries over unauthenticated POST requests"? Really? Maybe I'm shadow-banned, and clueless that nobody but myself receives these posts lol.


Received on Saturday, 19 August 2023 01:51:58 UTC