[NLRS] RE ARRL digital disruption

Fri Jun 7 09:21:36 EDT 2024

Once someone gets into a system these days, it is even possible for the attacker to plant malware into the system flash memory and/or remote lights out adapter, or even use root kits that hide themselves preboot.

I’m NOT suggesting that happened here. I am suggesting that after compromise, there are significant challenges ahead to restore everything to a baseline configuration. Even worse is that if you literally shutdown all of the systems, each may need to be isolated from the rest of the network to make sure nothing is left behind that would recompromise systems without an external attack.
________________________________
From: nlrs-bounces at mailman.qth.net <nlrs-bounces at mailman.qth.net> on behalf of Evelyn WB0VHF Jacobson <wb0vhf at gmail.com>
Sent: Friday, June 7, 2024 1:09:29 AM
To: nlrs at mailman.qth.net <nlrs at mailman.qth.net>
Subject: Re: [NLRS] RE ARRL digital disruption

Other than "We have been diligently assessing each system to ascertain
the extent of compromise. For example, while the Logbook of The World®
server and related user data were unaffected, we have taken the
precautionary measure of keeping the service offline until we can ensure
the security and integrity of our networks."

When there is a hack like this, each system needs to be completely
vetted to make sure nothing of the hacker is left in, including the
route used to get in to start with. That can take a while, especially if
the attack is "unique", which this one most definitely was.

73,
Evelyn
WB0VHF

On 6/7/2024 1:02, Art Howard wrote:
>  And still not a peep about LOTW .
>
> ______________________________________________________________
> NLRS mailing list
> Home: https://urldefense.proofpoint.com/v2/url?u=https-3A__mailman.qth.net_mailman_listinfo_nlrs&d=DwIGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=JsDsKeR7cZC8wbZhIlxxBQ&m=iBDlTxmw11MO0mqETmWC8mIPDIvCNmqPDhX7HmcKheh1GUTZDgWEm1UhEVfbjpfM&s=X2YByYSm0wmrZQQCLVcR-orawwV-x2ErHyJngU73-G8&e=
> Help: https://urldefense.proofpoint.com/v2/url?u=https-3A__mailman.qth.net_mmfaq.htm&d=DwIGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=JsDsKeR7cZC8wbZhIlxxBQ&m=iBDlTxmw11MO0mqETmWC8mIPDIvCNmqPDhX7HmcKheh1GUTZDgWEm1UhEVfbjpfM&s=k1E5Lv1_g2Y_9w6uHNN4LxSLcWM_HzSWRVf0N9NaHek&e=
> Post: mailto:NLRS at mailman.qth.net
>
> This list hosted by: https://urldefense.proofpoint.com/v2/url?u=https-3A__www.qsl.net&d=DwIGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=JsDsKeR7cZC8wbZhIlxxBQ&m=iBDlTxmw11MO0mqETmWC8mIPDIvCNmqPDhX7HmcKheh1GUTZDgWEm1UhEVfbjpfM&s=tto4hb-z-oasjhNKngkW6qGAuBYfhcKg-oYQdKDK4Rk&e=
> Please help support this email list: https://urldefense.proofpoint.com/v2/url?u=https-3A__www.qsl.net_donate.html&d=DwIGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=JsDsKeR7cZC8wbZhIlxxBQ&m=iBDlTxmw11MO0mqETmWC8mIPDIvCNmqPDhX7HmcKheh1GUTZDgWEm1UhEVfbjpfM&s=iuu7DabYwXvK6ZhRt1AIXE8wyPtDWnrj5sw3iN3iWQY&e=
______________________________________________________________
NLRS mailing list
Home: https://urldefense.proofpoint.com/v2/url?u=https-3A__mailman.qth.net_mailman_listinfo_nlrs&d=DwIGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=JsDsKeR7cZC8wbZhIlxxBQ&m=iBDlTxmw11MO0mqETmWC8mIPDIvCNmqPDhX7HmcKheh1GUTZDgWEm1UhEVfbjpfM&s=X2YByYSm0wmrZQQCLVcR-orawwV-x2ErHyJngU73-G8&e=
Help: https://urldefense.proofpoint.com/v2/url?u=https-3A__mailman.qth.net_mmfaq.htm&d=DwIGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=JsDsKeR7cZC8wbZhIlxxBQ&m=iBDlTxmw11MO0mqETmWC8mIPDIvCNmqPDhX7HmcKheh1GUTZDgWEm1UhEVfbjpfM&s=k1E5Lv1_g2Y_9w6uHNN4LxSLcWM_HzSWRVf0N9NaHek&e=
Post: mailto:NLRS at mailman.qth.net

This list hosted by: https://urldefense.proofpoint.com/v2/url?u=https-3A__www.qsl.net&d=DwIGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=JsDsKeR7cZC8wbZhIlxxBQ&m=iBDlTxmw11MO0mqETmWC8mIPDIvCNmqPDhX7HmcKheh1GUTZDgWEm1UhEVfbjpfM&s=tto4hb-z-oasjhNKngkW6qGAuBYfhcKg-oYQdKDK4Rk&e=
Please help support this email list: https://urldefense.proofpoint.com/v2/url?u=https-3A__www.qsl.net_donate.html&d=DwIGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=JsDsKeR7cZC8wbZhIlxxBQ&m=iBDlTxmw11MO0mqETmWC8mIPDIvCNmqPDhX7HmcKheh1GUTZDgWEm1UhEVfbjpfM&s=iuu7DabYwXvK6ZhRt1AIXE8wyPtDWnrj5sw3iN3iWQY&e=
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.qth.net/pipermail/nlrs/attachments/20240607/32cabdf0/attachment-0001.html>