←back to thread

Mitigating the Hetzner/Linode XMPP.ru MitM interception incident

(www.devever.net)
341 points hlandau | 4 comments | 20 Oct 23 20:31 UTC | HN request time: 0.001s | source
Show context
liquidk ◴[20 Oct 23 23:06 UTC] No.37962482[source]
The provider has access to the host, they can just inspect the job from the outside and you won’t be able to tell
replies(3): >>37962632 #>>37962862 #>>37963439 #
1. Jenda_ ◴[21 Oct 23 02:01 UTC] No.37963439[source]
The Hetzner one is a physical server. You would need to stage a "power outage" and backdoor it, which is probably not that easy - e.g. planting a kernel module which survives kernel upgrades and is pretty advanced at hiding itself (the article talks about analyzing raw memory dump).
replies(2): >>37964106 #>>37970329 #
2. mhio ◴[21 Oct 23 04:33 UTC] No.37964106[source]
If it was big brother, obtaining a customised EUFI or ilo/drac/ipmi firmware for the hardware doesn't seem like a stretch.
3. Avamander ◴[21 Oct 23 20:52 UTC] No.37970329[source]
It only takes access to a DMA-enabled bus (e.g. PCIe) though, to siphon memory contents.
replies(1): >>37974385 #
4. immibis ◴[22 Oct 23 11:08 UTC] No.37974385[source]
And I bet PCIe is a whole lot more hotpluggable than you're officially told.