Security incident postings

From BitFolk
Jump to: navigation, search

Based on a proposal made in December 2012, BitFolk has started summarising security incidents that have affected customers and posting them to the "users" mailing list.

What they look like

The subject line will start with "Security incident:" (after the "[bitfolk]" tag). There will then follow a brief summary of what happened, and if possible, an explanation as to how it happened.

Explanations will not always be possible since this relies on cooperation from the customer and ability to successfully analyse a compromise.

Finally there will be a link to this article.

What should I be doing about it?

Probably nothing, unless you feel that the scenario described could happen to you. These messages are informational only and are intended only to educate about what sort of security problems VPS customers commonly face. If you see anything that you feel applies to you then you may wish to investigate how you do things.

But I'm not interested in how other people get compromised!

If you're extremely sensitive to mailing list postings that you have no interest in then you may wish to unsubscribe from the "users" list and subscribe to the "announce" list instead, as that list will contain only important announcements from BitFolk with no discussion. There have been just 19 threads posted there in 2012.

If you strongly feel that such postings have no place on the "users" list then do let BitFolk know, as this is a new proposal and we will have to periodically review how it is going.