Posted by:
admin
15 years, 5 months ago
Recently, A Small Orange, a web-hosting company was attacked and their server taken down. I hadn't heard of them, despite the fact that they are based in Atlanta. Here are the details of the attack: http://forums.asmallorange.com/index.php?showtopic=12908.
I heard about it through twitter, where they posted this:
A hacker took out 25 servers last night at 11:45pm. We have identified exactly how they got in and are putting in further protections.
and
This includes a jumpbox and two-factor authentication system, which we had been testing anyways. We're obviously moving up those plans.
and
We've already IDed the cause (a compromised tech's password) and have fixed the problem now. Techs are being reissued pwds now!
By jumpbox, I assume the mean some type of SSH gateway (see this how-to on setting up an SSH gateway/jumpbox with WiKID two-factor authentication).
It seems like A Small Orange has a great reputation for customer service. They seemed to have handled the attack in a very open and above-board way. I would also bet that they seriously tighten their security - so if you are looking for hosting or virtual private servers, they could be a great bet.
Share on Twitter Share on FacebookRecent Posts
- Blast-RADIUS attack
- The latest WiKID version includes an SBOM
- WiKID 6 is released!
- Log4j CVE-2021-44228
- Questions about 2FA for AD admins
Archive
2024
2022
- December (1)
2021
2019
2018
2017
2016
2015
2014
- December (2)
- November (3)
- October (3)
- September (5)
- August (4)
- July (5)
- June (5)
- May (2)
- April (2)
- March (2)
- February (3)
- January (1)
2013
2012
- December (1)
- November (1)
- October (5)
- September (1)
- August (1)
- June (2)
- May (2)
- April (1)
- March (2)
- February (3)
- January (1)
2011
2010
- December (2)
- November (3)
- October (3)
- September (4)
- August (1)
- July (1)
- June (3)
- May (3)
- April (1)
- March (1)
- February (6)
- January (3)
2009
- December (4)
- November (1)
- October (3)
- September (3)
- August (2)
- July (5)
- June (6)
- May (8)
- April (7)
- March (6)
- February (4)
- January (427)
2008
- December (1)
Categories
- PCI-DSS (2)
- Two-factor authentication (3)
Tags
- wireless-cellular-mobile-devices (7)
- Two-factor authentication (10)
- Wireless, cellular, mobile devices (6)
- NPS (1)
- Phishing and Fraud (111)
- Active Directory (1)
- pam-radius (3)
- privileged access (2)
- Cloud Security (10)
- Mutual Authentication (60)
- Web Application Authentication (1)
- Authentication Attacks (99)
- pci (50)
- Security and Economics (97)
- WiKID (133)
- pam (2)
- VPN (1)
- Installation (2)
- RADIUS Server (1)
- Open Source (64)
- Tutorial (2)
- Strong Authentication (35)
- Information Security (137)
- Transaction Authentication (13)
- Miscellaneous (100)
- Linux (2)
- transaction-authentication (6)
- Two Factor Authentication (254)