[ncc-services-wg] That's So Meta (was Re: New on RIPE Labs: RIPE NCC and the Cloud - Let’s Start Again)
- Previous message (by thread): [ncc-services-wg] That's So Meta (was Re: New on RIPE Labs: RIPE NCC and the Cloud - Let’s Start Again)
- Next message (by thread): [ncc-services-wg] New on RIPE Labs: RIPE NCC and the Cloud - Let’s Start Again
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
jorma at jmellin.net
jorma at jmellin.net
Wed Jun 23 14:19:49 CEST 2021
FYI APNIC left a dump from its Whois SQL database in a public Google Cloud bucket https://www.theregister.com/2021/06/22/apnic_whois_data_exposed/ The Asia Pacific Network Information Centre (APNIC), the internet registry for the region, has admitted it left at least a portion of its Whois SQL database, which contains sensitive information, facing the public internet for three months. Jome ---- jorma at jmellin.net Quoting Shane Kerr <shane at time-travellers.org>: > Nick, > > On 22/06/2021 23.50, Nick Hilliard wrote: >> Patrik Fältström wrote on 22/06/2021 21:23: >> >> With regard to the ripe database and the rpki repo, it doesn't look like >> there are any specific legal issues that haven't been considered. >> All of this information is publicly accessible anyway. There may >> well be a different set of considerations for other types of data. > > I don't think that is is okay to say "this information is publicly > accessible anyway". On a RIPE Database or RPKI server there is > meta-data about *who* is accessing the database, including > timestamps, source addresses, and possibly other data. There is also > meta-data about *what queries* are made to the database. There also > things to be learned about replication delays between servers, and > surely a lot more that might be of interest to creative folks. > > I don't know about now, but at one point there were firewalls and/or > intrusion-detection systems that would query the RIPE Database to > give the admin information about the source of suspicious traffic. > An attacker trying to penetrate a network might be able to identify > which security products were in use if given unrestricted access to > WHOIS query logs. I'm not saying this is a likely scenario, I'm > saying we should be cautious about declaring access to data safe. > Humans (and increasingly AI) are ingenious about ways to use systems > in unintended ways. > > As a thought experiment to try to demonstrate the idea, how would > you feel about a proposal to provide public access to complete > system logs of all RIPE Database servers? If that makes you nervous > in any way - and I think that it should! - then this is exactly why > we should consider the operators hosting RIPE Database (and RPKI) > resources important. > > Cheers, > > -- > Shane
- Previous message (by thread): [ncc-services-wg] That's So Meta (was Re: New on RIPE Labs: RIPE NCC and the Cloud - Let’s Start Again)
- Next message (by thread): [ncc-services-wg] New on RIPE Labs: RIPE NCC and the Cloud - Let’s Start Again
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]