• mail
• login
• links
• 
• people
• projects
• lists
• FAQ
• donate
• about
• statistics

The Obscure Organization

The Obscure Organization is a 501(c)(3) non-profit corporation that promotes community and creativity through technology. We provide free resources and training to people and organizations hoping to advance their use of technology in non-commercial creative works and community-building efforts.

Recent News

System Compromise: Password Reset / Software Reconfig Needed

(posted October 5^th, 2009)

On Friday, October 2nd, I discovered that Obscure had suffered a serious system compromise. The intruder gained root access and installed an SSH trojan that recorded several dozen passwords. They appear to have had access to the system since at least September 17, 2009, a little more than two weeks.

Because of this, I have locked all user accounts and you need to call either me (Richard Bullington-McGuire) at +1 571 236 0938 or contact Faisal Jawdat if you have his contact information in order to receive a new password.

Since this compromise is related to account passwords, I have also locked down insecure network services, including:

• FTP / port 23 (use SFTP or SCP instead)
• POP3 / tcp port 110 (use POP3S on port 995 instead)
• IMAP / tcp port 143 (use IMAPS on port 993 instead)

I have completed backup and system audit procedures and have a reasonable level of confidence that we have mitigated the intrusion. However, the intruder potentially had access to every file stored on the machine, so if you have stored sensitive data like account passwords in your Obscure account, please take stock of what your exposure might be and take appropriate steps to safeguard your information.

We may still need to spend some more money on backup hardware and incident response. Please consider donating to Obscure if you can.

If you run a system that shares users with Obscure, you should double-check your SSH and SSHD binaries for signs of tampering, and look for the path /usr/local/share/0wn on your system:

strings /usr/bin/ssh /usr/bin/sshd | grep 0wn

Richard Bullington-McGuire
President of The Obscure Organization

About Obscure

We give away free Obscure user accounts to anyone who asks politely. You can use an Obscure user account for email, web hosting, programming, and other non-commercial purposes. People have used their Obscure accounts to host web sites for non-profit organizations, to further their own education, to host their personal web sites, and to collaborate with other Obscure users on projects.

We try to help connect Obscure users with one another. People in the Obscure community often help each other, both by teaching each other effective uses of technology, and by providing constructive feedback on creative projects. This furthers learning both by those seeking help and by the informal mentors who provide help.

For older news, see our News Archive.

Warning!

A visit to The Obscure Organization
may cause you to think.
Thinking has been known to cause severe pain
in the heads of the close-minded.

The Obscure Organization
promotes creativity and community through technology.

Copyright © 2002-2009 by The Obscure Organization
Questions? email info@obscure.org

This page was last modified on:
2009-10-05 08:27:30-0400