Sangoma Hack / Ransomware

It looks like someone who’s claiming to be the attacker has posted on reddit with more information (which I have removed). @lgaetz, who’s looking after this internally? The information contained in the message doesn’t need to be public, but if anyone inside Sangomium wants to reach out to me, now would be a good time (email would be best), as this is time-critical information.

(Edit: Contact achieved!)

2 Likes

We need to do module updates on many v15 PBXes. Was planning to do so over Christmas or New Year weekend. The hack stopped me from doing this over Christmas weekend. Do we believe the tech side is in the clear enough to apply module updates? I would imagine that @xrobau and @lgaetz probably have some good input here too.

1 Like

That’s the approach for general breaches; there are many other requirements in law, in particular this diddy that relates to “serious harm”, and that section encompasses breaches that are known to have taken login creds and financial information:

“entities to expeditiously notify individuals at risk of serious harm about an eligible data breach unless cost, time, and effort are excessively prohibitive in all the circumstances.”

The key word here is expeditiously, which is not 28 days, unless you’re a Sangoma fanboi that is.

Any updates?

1 Like

People online stating to be part of the group that hacked Sangoma stated that they have been in contact with Sangoma since October 12th.

This could use a little more citation.

You are offering a “solution”, which includes switching to YOUR mirror servers. Are you serious??? Someone can get the impression that the hack is in your interest…

Please prep a fire extinguisher before this thread is fully engulfed in flames.

How is offering a free service in their interest?

It was entirely predictable innuendo… the only thing surprising to me is that it took nearly a week for someone to say it. Of course it’s nothing more than bad-faith nonsense and trolling and should be ignored.

Curious why October 13th was selected? The gang says they have been in contact since October 12th; any attacker worth their own salt would have planted their seeds much sooner.

Just curious… has this ever happened… that the update servers of an open-source project have been infected and all “customer” systems (and networks) have been encrypted and locked? If somebody wants to steal money, would he choose end users of a free phone system? I have the impression that 95% of FreePBX users don’t want to spend money and/or have (lots of) money! Aren’t they the wrong target?

I may be over-reading into this, but it seems that if you are a former Digium/Sangoma employee your identity is fair game. They notified current employees but the rest of us can suck a lemon?

Isn’t it standard procedure to disclose only limited information, because the hackers read it too…? Doesn’t it take much more time to find out what the damage really is?

https://identitytheft.gov/databreach

^^^ This is exactly my fear. I don’t care a WHIT about the phone system. I’m concerned about a jumping-off point, especially for the clients that do have some cross-VLAN routing for mobile apps, Xactview, email etc. We’ve since mitigated that possibility, but it was not necessary previously since the PBX is not open to the public in any form (heck, we even have clients that still do not use SIP as their trunks). Until a full 3rd-party forensic audit confirms no injected code, that firewall is on high alert.

1 Like

So what is the consensus at this point: Are we trusting module updates or no?

I’m leaning to ‘no’ pending full assurance by Sangoma, but am curious where others are.

Will never happen.

Best they can (and should) do is clarify what they’ve done to audit, followed by the same “no evidence” language they’ve already given. No matter how complete the forensics, there is always a chance they will miss something. I don’t see the attorneys letting them speak in absolutes.

I think some of the expectations here are a little out of line with reality and what any other company has actually done in similar circumstances, but many have been better at managing the news.

But, being a non-distro user, this is pretty much a non-event for us.

3 Likes