Start of #freenode-moderated buffer: Mon Jun 26 05:35:58 2006

[04:13] * Now talking in #freenode-moderated
[04:13] * Topic is 'We will begin soon.  If you would like a question, please /msg Astinus to 
let him know you want to join the queue.  If someone else asks your question, please /msg 
Astinus to cancel.'
[04:13] <Astinus> As I just said folks, don't ask me questions in your /msg. All I want to know 
  is you're wishing to question HedgeMage after we get started, I'll voice you in order!
[04:16] <Astinus> Well, I just passed my previous record for windows open in Irssi ;)  Once 
  again, just let me know you've got questions and wish to be queued (and conversely, if you 
  wish to be removed from queue) and I'll +v you when the time is right!  No questions in /msg 
  please, HedgeMage will take them very soon!
[04:17] <HedgeMage> I'll advise everyone to please ignore joins and parts... I don't expect 
  this to slow down for a while
[04:17] <HedgeMage> we plan to start soon anyway
[04:21] <Astinus> If you're running Irssi and want to ignore joins/parts/quits to keep the 
  scrolling down, please /ignore #freenode-moderated JOINS PARTS QUITS
[04:21] <Astinus> We're about to begin, start your engines!
[04:22] <@HedgeMage> Okay, folks.  I'm going to restate what's already gone out in case anyone 
  missed it, and then we will begin taking questions
[04:23] <Astinus> A helpful user says  /ignore *!*@*  NOTI will work for our X-Chat users :)
[04:23] <@HedgeMage> Last night, one of freenode's servers was compromised, and an intruder was 
  able to cause various forms of havoc, including klining many users and staff.
[04:24] <@HedgeMage> We are currently investigating our security situation, and cannot give out 
  any technical details until our investigation is complete.
[04:25] <Astinus> * For server, one may substitute "staffer account".
[04:25] <christel> thank you Astinus
[04:26] <@HedgeMage> We believe that <25 nickserv passwords were compromised during a limited 
  window, but all concerned individuals are encouraged to change their nickserv passwords just 
  in case.
[04:26] <@HedgeMage> thanks, Astinus
[04:27] <@HedgeMage> We'll open up the floor for questions, one at a time, in a moment.  Please 
  keep your question concise, and type it ahead of time so we can move as quickly as is 
  practical.
[04:28] * Astinus sets mode: +v alex323
[04:29] <+alex323> Are the passwords in the services databases encrypted and/or hashed? What 
  steps are you doing to prevent such an event from occurring again?
[04:29] <+alex323> Are proper Q:lines in place to prevent users from spoofing services nicks?
[04:30] <+alex323> In the event that this needs to be reported to a higher authority, what 
  should we say
[04:30] <+alex323> What kinds of investigations are going on?
[04:30] <@HedgeMage> Passwords are stored as hashes, and we will have more information on 
  specific new security measures as they are implimented.
[04:31] <+alex323> What are the consequences for those found responsible?
[04:31] <@HedgeMage> alex323: I asked for concise, please.
[04:31] <@HedgeMage> Others will want turns, too
[04:31] <+alex323> Understood.
[04:31] * Astinus sets mode: -v alex323
[04:31] <Astinus> We'll answer those questions, then move on. Thanks alex323
[04:32] <@HedgeMage> q-lines are in place, but this intruder could have overriden them.
[04:33] <@HedgeMage> I'm not going to itemize security evaluations that are still in progress, 
  as that would compromise our work.
[04:33] <@HedgeMage> Regularly changing your nickserv/chanserv pw is a good security practice, 
  and something you can do to help your channel and nick remain secure.
[04:34] * Astinus sets mode: +v emes
[04:34] <+emes> Is there any credibility to the claims that hackers from EFNet were responsible?
[04:34] <@HedgeMage> emes: are you ready?
[04:35] * Astinus sets mode: -v emes
[04:36] -> -emes- what a dumb question, all crax0r kids live on efnet. you should have asked if 
  she has a cha-cha instead of a pee-pee
[04:36] <@HedgeMage> We are not releasing our suspect list, but we have some reasons to expect 
  that bantown or GNAA may have been involved.
[04:37] * Astinus sets mode: +v taoist
[04:37] <+taoist> DCC SEND welcome-our-new-gnaa-overlords 0 0 0
[04:37] <+taoist> Thank you.  Now that the sale of Freenode to the GNAA is complete, what new 
  changes can we expect to see?
[04:37] * Astinus sets mode: -v taoist
[04:37] * Astinus sets mode: +v fugi
[04:38] <Astinus> Sorry about that folks, even more indication that muppets from the GNAA might 
  be involved ;)
[04:38] * @HedgeMage chuckles
[04:38] <Astinus> Can people please have their questions typed and ready, so that when voiced, 
  things move faster?
[04:39] * Astinus sets mode: -v fugi
[04:39] * Astinus sets mode: +v aka_druid
[04:40] * Astinus looks at his watch
[04:40] <@HedgeMage> next?
[04:40] * Astinus sets mode: +v Naconkantari
[04:40] <+aka_druid> oh, I wanted to ask about the passwords being compromised, if youa re goin 
  to put in some announcement
[04:40] * Astinus sets mode: -v aka_druid
[04:40] * Astinus thinks this constitutes an announcement :)
[04:40] <+Naconkantari> Is this type of attack over for now, or can we expect more in the 
  future?
[04:41] * Astinus sets mode: -v Naconkantari
[04:42] <@HedgeMage> We believe this attack to be over, but future attacks are always 
  possible...
[04:42] * Astinus sets mode: +v Mark_Ryan
[04:42] <+Mark_Ryan> For those of us who aren't intimately aware of the workings of IRC 
  servers, is there a way we can identify to ChanServ that doesn't involve an /msg? Can we use 
  the server password field? Or an /identify server-side alias?
[04:42] * Astinus sets mode: -v Mark_Ryan
[04:43] <Astinus> Mark_Ryan: Provide your password upon connect, it'll be securely passed to 
  NickServ
[04:43] <Astinus> Mark_Ryan: Also, /quote NickServ is an alternative to /msg. It'll more ably 
  handle Services being down/spoofed.
[04:43] <Rez> also, /ns and /cs are server commands (may need to be prefixed by quote, ie 
  /quote ns) that direct commands to them
[04:44] * Astinus sets mode: +v Ziggy
[04:44] <+Ziggy> Did the so-called "hackers" have access to the filesystem? Is it possible they 
  downloaded any services data? People with dictionary passwords might be interested, even if 
  it is hashed.
[04:45] * Astinus sets mode: -v Ziggy
[04:47] <@HedgeMage> Our hashes are salted MD5, rainbow tables won't work... it would be very 
  CPU intensive to attack each one, even if the whole thing were compromised (which, at this 
  time, we don't think is the case)
[04:47] <@HedgeMage> We again remind you that you can help yourself by regularly changing 
  passwords
[04:47] * Astinus sets mode: +v Tompkins
[04:47] <+Tompkins> What evidence - besides the events that took place right now - do you have 
  against the GNAA?
[04:47] * Astinus sets mode: -v Tompkins
[04:48] <@HedgeMage> We're not releasing any information about the results of forensic 
  examination or other investigations, whether that data implicates or exonerates the GNAA.
[04:48] * Astinus sets mode: +v ardinary
[04:49] * Astinus sets mode: -v ardinary
[04:50] * Astinus sets mode: +v trelane
[04:50] <Astinus> trelane: Got a question? :)
[04:51] <+trelane> no dunno why I was voiced I'm busy elsewhere, sorry
[04:51] * Astinus sets mode: -v trelane
[04:51] <Astinus> That was unexpected, he had /msg'd me :)
[04:51] * Astinus sets mode: +v nenolod
[04:51] <+nenolod> ok, two questions:
[04:51] <+nenolod> m_services.c says:
[04:51] <+nenolod>   if (IsHoneypot(sptr) || !(acptr = find_person(NICKSERV, NULL)))
[04:51] <+nenolod> so does /quote NickServ really provide any real protection?
[04:51] <+nenolod> and
[04:51] <+nenolod> bantown says they are sniffing packets at a place where a freenode server is 
  located, any comment on this would be nice :)
[04:52] * Astinus sets mode: -v nenolod
[04:53] <Astinus> nenolod: We don't believe (at this time) that bantown is capable of sniffing 
  traffic from any of our sponsors. Its possible they're upstream somewhat, but OSUOSL (our 
  main sponsor) are usually pretty good about network security.
[04:53] <Astinus> nenolod: Regarding the m_services.c question, I'm not a coder, I had 
  understood /quote NickServ to be more secure but will defer to your superior knowledge on 
  that one :)
[04:53] * Astinus sets mode: +v WhiteNoise
[04:54] <@HedgeMage> My apologies, I had to step out a moment (minor parenting emergency)
[04:54] <+WhiteNoise> You mention that you believe that < 25 users had their passwords 
  compromised.  How did you arrive at this estimate?  How much confidence should we place in 
  that low a figure?
[04:54] * Astinus sets mode: -v WhiteNoise
[04:55] <@HedgeMage> WhiteNoise: there was a small window between the time that nickserv went 
  down and our servers stopped accepting connections.  While >25 is only an estimate, we are 
  fairly confident that it is accurate.  That said, it is quite easy to change your password so 
  you *know* you are safe.
[04:56] * Astinus notes that's <25 not >25 ;)
[04:56] <@HedgeMage> ack sorry
[04:56] <@HedgeMage> BAD typo
[04:56] * Astinus sets mode: +v richjkl
[04:57] * Astinus sets mode: -v richjkl
[04:57] * Astinus sets mode: +v blackmanheartiez
[04:58] <+blackmanheartiez> HY MOM, IM ON TV. GUYS I HAVE TO MAKE IT CLEAR. GNAA DID NOT HACK 
  THIS, IT WAS PSEUDO USER DEPAKOTE MORE AT WWW.MYSPACE.COM/PHOTOSHOP
[04:58] <+blackmanheartiez> DCC SEND welcome-our-new-gnaa-overlords 0 0 0
[04:58] <+blackmanheartiez> BYE
[04:58] <+blackmanheartiez> LOL
[04:58] <+blackmanheartiez> DCC SEND welcome-our-new-gnaa-overlords 0 0 0
[04:58] <+blackmanheartiez> DCC SEND welcome-our-new-gnaa-overlords 0 0 0
[04:58] * Astinus sets mode: -v blackmanheartiez
[04:58] <Astinus> Sorry about that
[04:58] * Astinus sets mode: +v DosBubba
[04:59] <+DosBubba> 'Grats out to the GNAA for their newly acquired property, irc.vaccus.com 
  #chat . /server -m irc.vaccus.com -j #chat Attacks will continue if you don't join.
[04:59] <+DosBubba> I would like to thank Freenode for taking the time to gather the whole of 
  IRC, it has been our pleasure to take part in such a trolling opportunity.
[04:59] <+DosBubba> Remember: /server -m irc.vaccus.com -j #chat Attacks will continue if you 
  don't join. !startkeygen
[04:59] <+DosBubba> IRC was founded on the principles of trolling, and we thank Freenode from 
  the bottom of our hearts for carrying the fine tradition into the 21st century - hopefully 
  beyond.
[04:59] <+DosBubba> Remember: /server -m irc.vaccus.com -j #chat Attacks will continue if you 
  don't join.
[04:59] <+DosBubba> IRC was founded on the principles of trolling, and we thank Freenode from 
  the bottom of our hearts for carrying the fine tradition into the 21st century - hopefully 
  beyond.
[04:59] <+DosBubba> Remember: /server -m irc.vaccus.com -j #chat Attacks will continue if you 
  don't join.
[04:59] * Astinus sighs
[04:59] * HedgeMage sets mode: -v DosBubba
[04:59] * Astinus sets mode: +v dorphell
[05:00] * Astinus sets mode: -v dorphell
[05:00] * Astinus sets mode: +v hoopydink
[05:01] <@HedgeMage> next?
[05:01] * Astinus sets mode: -v hoopydink
[05:02] * Astinus sets mode: +v JapaneseGangster
[05:02] <+JapaneseGangster> What are the concequences of this event?  ie. Will access be 
  limited for certain parties?
[05:02] * Astinus sets mode: -v JapaneseGangster
[05:03] <@HedgeMage> JapaneseGangster: While we can't, right now, comment on security measures 
  that aren't in place yet, we need to assess our vulnerability and whether a crime was 
  committed.  We don't, at this time, have evidence of enough damage for that to be the case.
[05:03] * Astinus sets mode: +v nalbright
[05:03] <+nalbright> have you considered opening up an SSL port on the servers to help cut down 
  on sniffing?
[05:03] * Astinus sets mode: -v nalbright
[05:04] <@HedgeMage> nalbright: At this time, not all of our servers are dedicated to freenode 
  only, so that is not possible.  We hope to aquire more dedicated servers in the future so we 
  can offer that feature.
[05:05] * Astinus sets mode: +v avillia
[05:05] <+avillia> Two things: 1. What sort of additional fallout has the Slashdot article 
  caused, and 2, What was up with staff members asking for donations via global notice as the 
  attack (+ cleanup) was still happening? Thanks in advance.
[05:05] <+avillia> Also: <GNAA joke/plug>.
[05:05] * Astinus sets mode: -v avillia
[05:06] <@HedgeMage> The slashdot article didn't cause any real fallout until someone told me 
  about it, I read the comments, and annoyed my husband by rolling my eyes at the less 
  intelligent ones.
[05:06] <@HedgeMage> ;)
[05:06] * Astinus sets mode: +v Jin
[05:06] <+Jin> What do you think the motive or purpose of the attack was?
[05:07] * Astinus sets mode: -v Jin
[05:07] <@HedgeMage> As I answered to nalbright's question, we are trying to get more dedicated 
  servers to increase security, asking while security is an issue, we hoped, would be a wake-up 
  for potential donors.
[05:07] <@HedgeMage> Jin: we're still assessing that, and can't comment right now.
[05:08] * Astinus sets mode: +v Link
[05:08] <@HedgeMage> Re: the notice regarding donations, lilo has asked me to apologize if 
  anyone was offended
[05:09] <@HedgeMage> link?
[05:09] <@HedgeMage> next?
[05:09] * Astinus sets mode: -v Link
[05:09] * Astinus sets mode: +v openbysource
[05:09] <+openbysource> all i want is voice at freenode-social. why don't you guys give us 
  voice on joining freenode-social. why does it take so long for you guys to give us voice. 
  please be fast man. we need to wait sometimes sometimes around more than 3 hours. if you guys 
  are working around with these security issues it's okay but do take care of freenode-social 
  keep that thing going man.please try give us voice as fast as u can don't make it too
[05:09] <+openbysource>  long. take for example right now so many of us in the  queue at 
  freenode-social.
[05:09] * Astinus sets mode: -v openbysource
[05:09] * openbysource was kicked by Astinus (Idiot.)
[05:10] * Astinus sets mode: +v SushiGeek
[05:11] <Astinus> SushiGeek: Got a question mate?
[05:11] <+SushiGeek> woah
[05:11] <+SushiGeek> Yes I do
[05:11] * Astinus smiles
[05:11] <+SushiGeek> Are you taking any measures to prevent this kind of thing from happening 
  in the near future?
[05:11] * Astinus sets mode: -v SushiGeek
[05:12] <@HedgeMage> SushiGeek: Thank you for your concern, but as I said before we'll release 
  information on new security measures when possible, as they are implemented.
[05:13] <Astinus> RE: The question about #freenode-social  ::  Its a social channel, not a 
  method of gaining support on the network. We'll voice you when we notice, please don't bug us 
  about it. /stats p or /who freenode/staff/* for contacting people who can help with problems!
[05:13] * Astinus sets mode: +v nf
[05:13] <@HedgeMage> :) thanks Astinus
[05:13] <+nf> Do you have any reason to believe that there may be an insider providing 
  information to various outside parties, that could be a threat?
[05:13] * Astinus sets mode: -v nf
[05:14] <@HedgeMage> I'm sorry, nf, but as I've said, discussing our security asessments right 
  now is not prudent.  We're still working on gathering all of the information we can.
[05:14] * Astinus sets mode: +v Teratogen
[05:14] <+Teratogen> was the FBI contacted and are they participating in the investigation of 
  this incident?
[05:14] <@HedgeMage> see my last answer... can't comment now.
[05:15] <+Teratogen> thanks
[05:15] * Astinus sets mode: -v Teratogen
[05:15] <Astinus> Guys - please don't ask questions similar to ones previously asked.
[05:15] <@HedgeMage> Since most of these seem to be repeats, we're going to close for now.  I'd 
  like to reiterate that we encourage all concerned users to change passwords
[05:15] <Astinus> We can't comment on matters of security, anything said might taint 
  investigations by any law enforcement authorities in the near future. We are looking into 
  this, we are serious about finding the root cause of this, and we have your security in mind.
[05:16] <Astinus> With that said - now's a good time to change those passwords ;)  We do 
  believe <25 accounts may have had their NickServ account password compromised, change it now 
  - end of problem.
[05:16] <@HedgeMage> Please set /mode yournick +w if you would like to see the announcement 
  when we do this again.
[05:16] <Astinus> This room will go -m shortly, so ya'll can chat before we have another 
  session.
[05:17] <@HedgeMage> try not to get blood on the carpet ;)
[05:17] <Astinus> Or we'll send in the cleaners, with pointy brooms ;)
[05:19] * Astinus sets mode: -o HedgeMage
[05:19] * Astinus sets mode: -m
[05:19] <nunsoup> DCC SEND "startkeylogger" 0 0 0
[05:19] <QuantumBeep> (o__o)
[05:19] <J> BACON
[05:19] <b33fc0d3> O.o
[05:19] * bureado hugs channel
[05:19] <enderst> heh
[05:19] <Naconkantari> ceiling cat is watching you.
[05:19] <Mulvane> Now with this attack, auto identification isn't so wise. This brings into 
  question rejoins to channels that require a user to be indentified or be forwared to 
  #please-register. Could this behavior be modified to allow member to join, but put in a +q 
  mode so they can't speak, change nick or anything like the moderated channels? Or maybe a way 
  to track a last connection in case of random disconnects and joins to reallow the
[05:19] <latvian> wow, Astinus, that was very rude of you. i was one of the first persons in 
  here and you completely ignored me.
[05:19] <snorkle> !!!!!!LOLDONGS!!!!!VIVA EL CHE!!!!!!LOLDONGS!!!!!
[05:19] <WeblionX> First blood! :)
[05:19] <rooly> spam
[05:19] <rooly> spam
[05:19] <rooly> spam
[05:19] <rooly> spam
[05:19] <rooly> spam
[05:19] <jeebusmobile> wewt
[05:19] <ShaunES> What a farce. "LOL WE CAN'T COMMENT".
[05:19] <bitplane> wooo
[05:19] <StoneCypher> During what time period were nickserv passwords compromised, for those of 
  us who know at what times we'd logged in and who are reluctant to change passwords unless 
  nessecary?/join #freenode
[05:19] <snorkle> !!!!!!LOLDONGS!!!!!VIVA EL CHE!!!!!!LOLDONGS!!!!!
[05:19] <snorkle> !!!!!!LOLDONGS!!!!!VIVA EL CHE!!!!!!LOLDONGS!!!!!
[05:19] <Eidolos> omg deluge
[05:19] <snorkle> !!!!!!LOLDONGS!!!!!VIVA EL CHE!!!!!!LOLDONGS!!!!!
[05:19] <snorkle> !!!!!!LOLDONGS!!!!!VIVA EL CHE!!!!!!LOLDONGS!!!!!
[05:19] <DosBubba> 'Grats out to the GNAA for their newly acquired 
  property, irc.vaccus.com #chat . /server -m irc.vaccus.com -j #chat 
  Attacks will continue if you don't join.
[05:19] <DosBubba> I would like to thank Freenode for taking the time 
  to gather the whole of IRC, it has been our pleasure to take part in 
  such a trolling opportunity.
[05:19] <DosBubba> Remember: /server -m irc.vaccus.com -j #chat Attacks 
  will continue if you don't join. !startkeygen
[05:19] <DosBubba> IRC was founded on the principles of trolling, and 
  we thank Freenode from the bottom of our hearts for carrying the fine 
  tradition into the 21st century - hopefully beyond.
[05:19] * lilo sets mode: +m
[05:19] * lilo sets mode: +i
[05:19] <lilo> got to love that
[05:19] <bitplane> as a woman on irc, is it true that you have a 
  cha-cha instead of a pee-pee?
[05:19] <HedgeMage> so much for that.
#freenode-moderated Cannot send to channel
[05:19] * DosBubba was kicked by Astinus (Bye)
[05:19] <Astinus> some people need to grow up :/
End of #freenode-moderated buffer    Mon Jun 26 05:35:58 2006