- From: <paola.dimaio@gmail.com>
- Date: Sun, 26 Apr 2009 14:07:11 +0100
- To: Dan Brickley <danbri@danbri.org>
- Cc: foaf-dev Friend of a <foaf-dev@lists.foaf-project.org>, foaf-protocols@lists.foaf-project.org, Semantic Web <semantic-web@w3.org>, Thomas Roessler <tlr@w3.org>
- Message-ID: <c09b00eb0904260607p64e1ee2er9b02d964cc377f41@mail.gmail.com>
Hi Dan thanks for the update, you mentioned something of the kind last week. I am terribly sorry to hear that, as being hacked is the equivalent of being raped and murdered, at least that's what it feels like, from what I remember I once researched an published an article for IT week, ZDNet must have been over ten years go, about hacker culture. I dont remember the name of the guy who spoke to me, but he had started a small security firm somewhere around London, He explained all about red hats and black hats etc It was an extremely informative experience. He told me that when someone hacks our site, is often 'doing us a favour' I thought the guy was being sarcastic but he was serious, I understood later He explained that too often people disregard security matters etc etc and (cause they are busy concentraing on the front end or other matters perhaps?) and bringing down their sites was the only way to make them face the fact that their servers and systems had simply not secure enough, and obviously nobody was paying attention Many of us have been busy elsewhere, but I think this experience should be a learning one, if anything I was wondering why the emphasis was on FOAF+SSL lately, and today I went to do some reading, there is some recent literature that maybe we should catch up with I think if FOAF was *my* baby I would try to find out who hacked it or at least how, and reverese engineer the security strategy from a vulnerability assessment. Get hackers to do do vulnerability assessment, was the bottom line of that article I dont know enough how how the server were set up to give input, but let me find them guys again search for ' FOAF exploit' http://www.vupen.com/english/advisories/2006/4009 http://www.milw0rm.com/exploits/2506 On Sun, Apr 26, 2009 at 1:31 PM, Dan Brickley <danbri@danbri.org> wrote: > > The server hosting several FOAF related sites has been compromised. > > I am taking everything offline until I can be 100% sure we are clean of > malicious PHP and suchlike (and moved to Amazon EC2 hosting). Apologies for > any inconvenience. My own site at danbri.org is also affected. > > The Subversion files behind the FOAF spec and other materials are on a > different machine, and remain online. See: > > http://svn.foaf-project.org/foaf/trunk/xmlns.com/htdocs/foaf/ > > I will send a status update to foaf-dev,foaf-protocols and semantic-web at > the end of the week. > > In the meantime, I would like everyone on these lists to think about > strategies for reducing our exposure to hacked RDF schemas. I believe the > best approach today is to use a subset of XML Signature, and have talked > with Thomas Roessler (cc:'d) a bit during WWW2009 about what such a spec and > toolset might look like. I expect to continue and track that conversation > through the new W3C SocialWeb incubutor group. > > I'll keep you all posted. Apologies for any inconvenience. > > Dan > > -- Paola Di Maio, ****************************************
Received on Sunday, 26 April 2009 13:07:53 UTC