[Chapter-delegates] Internet Society Data Leaked

Joly MacFie joly at punkcast.com
Wed Feb 16 18:13:27 PST 2022 

While I concur with concerns about the transparency, I will just say
that there is a difference between a breach and a detected vulnerability,
so let's not get ahead of ourselves.

What does seem odd is the length of time between the discovery and the
reaction.

joly



On Wed, Feb 16, 2022 at 7:35 PM Winthrop Yu via Chapter-delegates <
chapter-delegates at elists.isoc.org> wrote:

> Olivier, we don't need press releases or "updates".
>
> At the very least, we need:
>
> a)  a clear, comprehensive yet concise official statement from ISOC HQ
> regarding the breach.
>
> b)  including whether ISOC HQ has notified *all* its global members
> (which would include the individual members of chapters).
>
> That above is a bare minimum. Then we will have to check that against any
> obligations the chapter itself may have under local law. And we may
> subsequently need further clarification / statements from ISOC HQ.
>
> WYn
>
>
> On 17 Feb 2022 1:45 am, Olivier MJ Crépin-Leblond via Chapter-delegates
> wrote:
>
> Am I the only one in Chapter Delegates mailing list who received and read
> the email from Christine Saegesser explaining the problem with MemberNova
> and referring to:
>
> "As we noted in our prior email, after we learned of the issue, we
> launched an investigation. The investigation is continuing, and we will
> provide more details when we have more information to share. Going forward,
> updates will be posted at updates.internetsociety.org, and we encourage
> you to check there for additional information. The membership password
> to access this website is ISOC-AMS-Updates (case sensitive)."
>
> Or is the problem that there does not appear to have been any updates
> since 21st January 2021?
>
> Kindest regards,
>
> Olivier
>
>
> On 16/02/2022 14:54, Veni Markovski via Chapter-delegates wrote:
>
> +1 to the request for more clarity; our members need to be informed, and I
> don't want to share on social media a link to an article on some website.
> There should be something at isoc.org, and in the news section there's
> only one press release from 2022 - on February 4.
>
> Also, it's not a good thing to find out from a publication about some of
> the details (I assume not all of them)...
>
> v/
>
> On 2/16/22 04:19, Roland Turner via Chapter-delegates wrote:
>
> Andrew,
>
> Could we have a little more clarity on this please? Chapter members in
> multiple jurisdictions may have notification obligations arising from this.
>
>
> The Jan 21 <https://updates.internetsociety.org/> update states:
>
> Fortunately, we have still not seen any instances of malicious access to
> member data as a result of this issue.
>
>
> This appears a little unclear to me on two important fronts:
>
> *"have not seen"*
>
> An adversarial read of this is the rather horrifying idea that access
> logging was not turned on, so you (and MemberNet) haven't the faintest idea
> whether there were any unauthorised accesses, which would certainly allow
> you say that you hadn't seen any unauthorised accesses but wouldn't mean
> that there weren't any, even at a reasonable level of confidence. Hopefully
> this is not the case!
>
> *"malicious access"*
>
> The relevant question is not whether any accesses could be described as
> malicious, but simply whether they were unauthorised. An adversarial read
> of this is that there were unauthorised accesses, but because you don't
> have much information about the unauthorised accessers you not in a
> position to say that they were acting maliciously, however this would tell
> us nothing about whether there had been unauthorised access. Again,
> hopefully this is not the case!
>
>
> To address both concerns, are you able to confirm that:
>
>    1. access logging was turned on and the logs were successfully secured;
>    2. the logs appear to be complete (in this case "appear to" is fine;
>    the requirement is simply that there are no unexplained gaps); and
>    3. all logged accesses are authorised (i.e. because they were made by
>    the application server, not random external IP addresses)
>
> ?
>
>
> - Roland
>
>
> ------------------------------
>
> On 16/2/22 15:41, Hank Nussbacher via Chapter-delegates wrote:
>
> In case you missed it:
> https://www.infosecurity-magazine.com/news/internet-society-data-leaked/
>
>
> Regards,
>
> Hank
>
> _______________________________________________
> As an Internet Society Chapter Officer you are automatically subscribed
> to this list, which is regularly synchronized with the Internet Society Chapter Portal (AMS):https://admin.internetsociety.org/622619/User/Login
> View the Internet Society Code of Conduct: https://www.internetsociety.org/become-a-member/code-of-conduct/
>
>
>
> _______________________________________________
> As an Internet Society Chapter Officer you are automatically subscribed
> to this list, which is regularly synchronized with the Internet Society Chapter Portal (AMS):https://admin.internetsociety.org/622619/User/Login
> View the Internet Society Code of Conduct: https://www.internetsociety.org/become-a-member/code-of-conduct/
>
>
> --
>
> Best regards,
> Venihttps://www.veni.com
> pgp:5BA1366E veni at veni.com
>
> The opinions expressed above are those of the
> author, not of any organizations, associated
> with or related to him in any given way.
>
>
> _______________________________________________
> As an Internet Society Chapter Officer you are automatically subscribed
> to this list, which is regularly synchronized with the Internet Society Chapter Portal (AMS):https://admin.internetsociety.org/622619/User/Login
> View the Internet Society Code of Conduct: https://www.internetsociety.org/become-a-member/code-of-conduct/
>
>
> --
> Olivier MJ Crépin-Leblond, PhDhttp://www.gih.com/ocl.html
>
>
> _______________________________________________
> As an Internet Society Chapter Officer you are automatically subscribed
> to this list, which is regularly synchronized with the Internet Society Chapter Portal (AMS):https://admin.internetsociety.org/622619/User/Login
> View the Internet Society Code of Conduct: https://www.internetsociety.org/become-a-member/code-of-conduct/
>
> _______________________________________________
> As an Internet Society Chapter Officer you are automatically subscribed
> to this list, which is regularly synchronized with the Internet Society
> Chapter Portal (AMS):
> https://admin.internetsociety.org/622619/User/Login
> View the Internet Society Code of Conduct:
> https://www.internetsociety.org/become-a-member/code-of-conduct/
>


-- 
--------------------------------------
Joly MacFie  +12185659365
--------------------------------------
-
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://elists.isoc.org/mailman/private/chapter-delegates/attachments/20220216/27eb0a55/attachment.htm>

More information about the Chapter-delegates mailing list