[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Warning: Do NOT use my mirrors/services until I have reviewed the situation

On 14-12-21 06:54 PM, Thomas White wrote:
> Ok now the dust has settled a little, a few updates on the situation:
> 1. The likelihood of this being the work of law enforcement seems to
> be lower than originally anticipated. This is good in many ways but
> asks more questions than it solves right now. I am not going to
> completely exclude the possibility of law enforcement involvement
> though as there simply isn't enough information.
> 2. A large portion of our logs seem to be non-existent right now, I am
> not sure how or why they have been cleared as this has not happened
> before. When a bit of time has passed and I can be sure of no imminent
> raid on my property I will look into the logs in more detail and share
> them with people more qualified than myself to judge on the matter. If
> appropriate we will then also look to make them public assuming there
> are no consequences for doing so. Furthermore as the time & date of
> some of the servers seem to have been skewed, what remaining info
> there is may be unreliable.

I once noticed sections of logs missing for several hours on a server in
a regular corporate situation and there was a reboot logged just after
entries started again.  At first i thought it was a break-in due to
firewall reports of remote login attempts.  We did not have chassis
intrusion sensors.
Eventually i traced the problem to someone inserting a backup device
into a flaky/faulty USB port, which shorted and made the system freeze
and then reboot.
So, i'm suggesting the possibility one of the operators in the data
centre heard noise or other hardware issues and looked inside.  That
doesnt explain why your account might have been suspended however...

Attachment: signature.asc
Description: OpenPGP digital signature

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to