←back to thread

Mitigating the Hetzner/Linode XMPP.ru MitM interception incident

(www.devever.net)
341 points hlandau | 1 comments | 20 Oct 23 20:31 UTC | HN request time: 0.204s | source
Show context
liquidk ◴[20 Oct 23 23:06 UTC] No.37962482[source]
The provider has access to the host, they can just inspect the job from the outside and you won’t be able to tell
replies(3): >>37962632 #>>37962862 #>>37963439 #
Jenda_ ◴[21 Oct 23 02:01 UTC] No.37963439[source]
The Hetzner one is a physical server. You would need to stage a "power outage" and backdoor it, which is probably not that easy - e.g. planting a kernel module which survives kernel upgrades and is pretty advanced at hiding itself (the article talks about analyzing raw memory dump).
replies(2): >>37964106 #>>37970329 #
1. mhio ◴[21 Oct 23 04:33 UTC] No.37964106[source]
If it was big brother, obtaining a customised EUFI or ilo/drac/ipmi firmware for the hardware doesn't seem like a stretch.