←back to thread

Mitigating the Hetzner/Linode XMPP.ru MitM interception incident

(www.devever.net)
341 points hlandau | 5 comments | 20 Oct 23 20:31 UTC | HN request time: 0.207s | source
Show context
abigail95 ◴[20 Oct 23 22:43 UTC] No.37962300[source]
> What would a perfect attacker do?

If you had physical access to the computer, some sort of bus interception to exfiltrate data from the machine.

replies(2): >>37962373 #>>37963714 #
1. manxman ◴[21 Oct 23 02:58 UTC] No.37963714[source]
Thinking laterally for a moment regarding the big picture here, why do we still rely on data centres.

They made sense in a world of dialup and low speed / high latency broadband. But there are lots of places with high speed fibre and not much latency to the peering points.

And the more we break away from data centres and clouds, the more the internet infrastructure will have to work the way it was designed instead of having to flow through these crazy aggregation points that are both serious points of failure and major security risks.

replies(3): >>37965259 #>>37966341 #>>37974366 #
2. WhyNotHugo ◴[21 Oct 23 09:11 UTC] No.37965259[source]
Regular domestic connections often block ports (especially email). In many countries, ISPs won't sell you a static IP (your dynamic address might not change ever, but you don't control rDNS records).

These kind of measures force people to move onto a rented server instead. Often ISPs rent servers themselves. The conflict of interest here is hard to ignore: if ISPs make it easy and convenient to host from home, their business of renting servers suffers.

3. dewey ◴[21 Oct 23 12:41 UTC] No.37966341[source]
> They made sense in a world of dialup and low speed / high latency broadband. But there are lots of places with high speed fibre and not much latency to the peering points.

Yes, but then you need backup power, someone to replace disks / hardware if things break, proper security for compliance reasons, cooling, noise. Once you set up all these things you just invented a data center again.

I don't see how getting rid of data centers makes any sense.

replies(1): >>37968612 #
4. chatmasta ◴[21 Oct 23 17:09 UTC] No.37968612[source]
You can get all of that in your own business premises with a fiber uplink. But at the point you're staffing IT personnel and managing server racks, I suppose you may as well call the location a datacenter, albeit a private one.
5. immibis ◴[22 Oct 23 11:05 UTC] No.37974366[source]
IP addresses, IP addresses, IP addresses, IP addresses.