More Pale Moon drama. Insists on BuyVM being responsible for the breach.
Since the last thread was closed down, here's the continuation:
He even suggests that @Francisco would've used master key to access his machine with that analogy.
Heck, the reason this happened to begin with is not even because we did anything wrong, but because an assumed-safe environment provided by a third party turned out not to be.
I'll draw an analogy for all the people who missed the details of the situation:
Compare it to living in an apartment building. You assume your apartment is safe because the door locks, and you always make sure to lock it and keep the key safely in your pocket. The building has a more secure entrance with a door that can't possibly be breached/picked open.
Now imagine having a break-in from either one of your fellow tenants because the lock on your apartment door is busted or crappy, or the landlord who just lets himself in with the master key. Whose fault would that be? Yours or the landlord's (in both cases)?
To continue the analogy: I've moved out of the building as a result, and will move to a building where I have known and trusted the landlord for many years.
https://forum.palemoon.org/viewtopic.php?f=17&t=22520&start=20
Then he censors all replies that say otherwise.
Comments
He bans instantly anyone that replies something else than blaming BuyVM for the incident.
A new thread for the Kindergarten? Really?
Am I missing some drama here?...
To whom does the finger point, it points at thee.
https://www.lowendtalk.com/discussion/158899/allegations-against-buyvm
3 Mistakes.
He/she/they OBVIOUSLY left the fucking window open.
He/she/they assumed someone else took responsibility for locking his own door.
He/she/they assumed it was the host's responsibility to secure the empty apartment they rented with NO pre-installed locks and its own individual door not in any way connected to the apartment entrance.
1 Conclusion.
idiot.
/thread.
He is wearing a scale mail, literally. Imagine: fat male around 45 years old, with pwned ego in a scale mail sitting on a chair in a dark room in his parents' basement.
No one with a sane mind trusts any keys to any landlord.
But that's just me.
nobody saw me do it you can't prove anything!
Should have just bought his own data center. Then again u might not be free of Snowden conspiracy theories. Damn this world is harsh.
And leaves the windows open on a ground floor apartment and also blames the landlord.
How to become a landlord?
Drama aside, is it really possible for the host to breach into a KVM VPS without removing / resetting the root password, e.g. using the master password?
When there's a will, there's a way, I might not know how, but I would say yes
Oh, yeah, easily possible. Just ask @Teamacc.
His vps host just logged into his vps for fun.
He who controls the physical hardware controls the contents of the physical hardware.
With unencrypted "hdd" getting into VM from the host is as easy as shutting down VM for "node reboot required for updates" or whatever and mounting VM "hdd" on the host.
Another question is - why would the provider do it, and why would he then infect something with malware... a few situations could be imagined, from just some employee having fun to some summerhost owner having fun, but how likely are they in this specific case?
And the "statements" TBH look stupid... to the point when one might suspect something shady. Sure it cannot be just stupidity, right? Old, unmonitored windows VM exposed to internet was hacked, how surprising...
Sad too, as I was using this browser. With such "smart" reaction to the issue... Why not just apologize, describe what measures were taken to prevent it in future, do the usual stuff? This stuff happens, it is not good but not the end of the world either. It is probably time to go search for some other browser...
Sheesh, if such an idiot was involved in that browser's development, someone please remind me not to use it.
This isn't even drama. It's just stupidity. I see no reason why they ran a Windows server short of them not knowing how to set up a hardened Linux web server.
Thusly it wouldn't surprise me at all that it was compromised. Only time you use Windows server is if you have zero choice in the application needed being windows based.
This isn't worth discussion, idk why it keeps getting posted. A provider is never responsible for intrusion. Frankly even if it occurred from another VM on the same node it's still the user's fault for not hardening it. Some users need to go with managed services.
Actually I can't even figure out why they needed a Windows server to begin with? Why was the archive file itself not hosted on github, sourceforge, or a simple file hosting platform?
I agree, the hosting provider is not responsible if you just buy a server and don't even harden it.
The OP is probably an American who thinks he can blame other people for his own shit.
Cause it got posted to bleepingcomputer and zdnet and cisomag with all of them quoting francisco being at blame.
This thread and the previous one should get enough SEO on Google to counter that liar who censors any free discussion of the incident to look good to journalists.
Besides Francisco has not responded yet.
Incredibly easy if not encrypted, no password even required, I could clone your file system, make changes and splice bits back in if I really wanted to, while it would leave some trace if you don't know what you are looking for, 99% don't, you would never know.
What surprised me the most was the fact that someone actually used a Windows server for something other than an exchange server.
Sorry to burst your bubble but no reboot, shutdown required, for at 'least' 4 years the ability for a KVM host to have full view of your filesystem has been trivial, it might as well be OpenVZ.
The ability for anyone with a KVM VPS to prevent that is also trivial though, people make a choice to trust hosts, they also make a choice to use that as an excuse not to make basic "just in case" efforts.
No established provider has the time, nor interest, to dick around in customer servers. Let alone a fucking Windows server that's hosting publicly accessible files. Talk about delusional, and completely unwilling to accept responsibility for his box getting popped for not securing it.
Regarding his dumb analogy, I wonder if he left his BuyVM internal IP poorly protected and someone on the location-wide internal network popped his unpatched Windows box. I mean, you shouldn't do that and it should be a zero tolerance termination policy if you're caught poking at other customers.. but it would be pretty entertaining if that was the case.
Does disk encryption make it much harder? Next idea after that I guess would be nested virtualization with the inner KVM handling the encryption and maybe a QEMU patched to obfuscate the RAM contents.
Obviously reading is trivial.
Writing, however, would require shutdown as otherwise things will break.
I just assumed that "breaking in" in this case is either fs modification or getting access to running OS, as files were obviously modified.
Sorry, it's really simple, it requires no shutdown, in fact some of the automation these days depends on that.
Obviously with malicious intent the host would have to think about the disruptive processes but that assumes joe avg would notice an 'insert application or service' being down for +/- 1 second.
Honestly I see no way how a write could happen to a VM disk from outside with a running OS and a 100% guarantee that it will not crash or break something. Unless it is something very specific with very well known guest OS behavior regarding that thing.
Or am I wrong and missing something? How does one modify the MFT to increase file size for example, while there is a whole OS running on that FS with unknown operations to exactly the same MFT happening at the same time?
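Added example (not part of any post in this thread): a guest-side check for the point made above that an unencrypted VM disk is readable from the host. It parses `lsblk -J -o NAME,TYPE,MOUNTPOINT` output and lists mountpoints with no dm-crypt layer beneath them; the sample JSON and the function names are constructed for illustration.

```python
import json
import subprocess

# Constructed sample of `lsblk -J -o NAME,TYPE,MOUNTPOINT` output (not from the thread).
SAMPLE_LSBLK = """
{"blockdevices": [
  {"name": "vda", "type": "disk", "mountpoint": null, "children": [
    {"name": "vda1", "type": "part", "mountpoint": "/boot"},
    {"name": "vda2", "type": "part", "mountpoint": null, "children": [
      {"name": "cryptroot", "type": "crypt", "mountpoint": "/"}]},
    {"name": "vda3", "type": "part", "mountpoint": "[SWAP]"}]},
  {"name": "vdb", "type": "disk", "mountpoint": null, "children": [
    {"name": "vdb1", "type": "part", "mountpoint": "/srv/files"}]}
]}
"""

def mount_encryption(lsblk_json):
    """Map each mountpoint to True if a dm-crypt ('crypt') device is at or above it."""
    result = {}

    def walk(dev, under_crypt):
        # Anything stacked on a crypt device (e.g. LVM on LUKS) inherits the flag.
        under_crypt = under_crypt or dev.get("type") == "crypt"
        mountpoint = dev.get("mountpoint")
        if mountpoint:
            result[mountpoint] = under_crypt
        for child in dev.get("children", []):
            walk(child, under_crypt)

    for dev in json.loads(lsblk_json)["blockdevices"]:
        walk(dev, False)
    return result

def exposed_mounts(lsblk_json):
    """Mountpoints whose backing storage is plaintext in the host-side disk image."""
    return sorted(mp for mp, enc in mount_encryption(lsblk_json).items() if not enc)

if __name__ == "__main__":
    try:
        out = subprocess.run(["lsblk", "-J", "-o", "NAME,TYPE,MOUNTPOINT"],
                             capture_output=True, text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        out = SAMPLE_LSBLK  # fall back to the constructed sample when lsblk is unavailable
    for mp in exposed_mounts(out):
        print("not encrypted at rest:", mp)
```

Encryption at rest only covers the disk image: while the guest is running, the key sits in guest RAM, which the host can also read.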