Please forgive my paranoia but with the recent breach of Sangoma’s systems, it has been suggested to NOT do any module or system updates until… not sure until when.
So, can a couple folks from Sangoma advise what updates were recently rolled out and are official; checked by the Sangoma folks after downloading them as we would and security checked?
Can you please link the official statement?
Itzik, I believe I read it as a suggestion somewhere in the 60 plus comments post on the Sangoma Hack / Ransomware. I’m not going to re-read the posts to find it. Might be mistaken but I believe it was suggested to not update until it can be ascertained that all is well with the “Master Key” and just as a precaution. My paranoia might have overwhelmed my common sense. Dunno.
PS. I forgot to mention that there was never an official statement and I never mentioned the word official. Suggested is the word I used. Just to be clear.
The people in possession of the data are not the ones who will use it. I have not seen the gpg keys in the file list. Their mission is to simply get paid. If they don’t get paid then they release the data which is where the problem is. I don’t think there is any current risk to modules at this time. The risk will present when the data goes in to the wild and people with various motives use it.
Back to the land of speculation without a postmortem we don’t know the attack vector, nor do we know if others have compromised the network in the same or more nefarious ways. In the end I think the module repo is the lowest risk. It comes down again to what data ultimately sees the light of day, who actually sees that data and what they do with it. My guess is the safest states of the data are now and if/when they get paid. They want a payday plain and simple. Additional attacks or messing with stuff would hurt that possibility.
This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.