[kwlug-disc] Russia seizes VPN servers

CrankyOldBugger crankyoldbugger at gmail.com
Tue Jul 12 09:21:09 EDT 2016


I got the Ft. Meade reference...  Yes, it is a very secure building, to say
the least, although they do have the occasional (wiki)leaks...

I got the same email from PIA yesterday as well.  On my Windows box it was
an easy upgrade; I'm hoping to do the Linux boxes tonight.

I was a little surprised, however, to find that they did in fact use
Russian sites.  I've never considered Russia to be a safe place for
anything computer related, to be honest....



On Tue, 12 Jul 2016 at 07:42 Mark Steffen <rmarksteffen at gmail.com> wrote:

> On 07/11/2016 10:33 PM, Mark Steffen wrote:> I've got a VPS hosted in
>> the basement of a big black building halfway
>>
>>> between Washington and Baltimore just off the 295, it's apparently a
>>> VERY secure facility.  Throughput is great, though I do get ssh
>>> complaining sometimes, I have to clear some stuff out in ~/.ssh/ for
>>> it to stop complaining and connect. Weird. It was a great price
>>> though, and secure. I keep all of my passwords, and router configs
>>> there as an offsite backup as well as archives of all my email,
>>> financial information, and evil plans.
>>>
>>
>> You're mostly talking about physical security. In theory a given -
>> doesn't speak to non-physical access. Again, it seems to go back to how
>> trustworthy a vendor is - and under sufficient duress, they aren't, so it
>> comes down to how interesting your data is and how motivated they are. (If
>> the authorities say give me your disks or face fines or jail or worse,
>> you're going to give them your disks.) Presumably they need court orders /
>> probable cause to take such possession, but that doesn't have to be for
>> your data - it could be on another customer's, and you get caught up in
>> that net.
>>
>> I wonder if you're running into ssh key / cert changes. That could be
>> part of a regular rotation (presumably documented somewhere that they do
>> that), or casual changes, which makes one wonder about their procedures. At
>> the least there should be a different band key / cert fetch process -
>> although I don't remember ever seeing such for ssh. (Usually I end up
>> taking the line out of known_hosts and just knee-jerk saying yes to the new
>> key at next connection. I guess I probably shouldn't, at least not without
>> a different band fetch / verification of the change.) [This is much like
>> fetching the gpg keys for a repository separately, which are then used to
>> verify the files coming down via apt-get - both checksum, and verification
>> sourced from the expected producer.]
>>
>> I suppose I should investigate such ssh connection key rotation processes
>> some day. e.g. some ssh parameter to fetch a new cert from a different
>> source path, and updated known_hosts before next connecting.
>
>
>
> I appreciate the advice, but I was trying to be humorous.  If you've ever
> been to the Ft Meade area of Maryland along the 295 you'll know the
> building I'm talking about and my jest will become more clear. :-)
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20160712/5cbd079e/attachment.htm>


More information about the kwlug-disc mailing list