Rackspace internal monitoring web servers hit by zero-day

Rackspace has told customers intruders exploited a zero-day bug in a third-party application it was using, and abused that vulnerability to break into its internal performance monitoring environment. That intrusion forced the cloud-hosting outfit to temporarily take its monitoring dashboard offline for customers. Reading …

  1. jcday

    This is fascinating.

    The idea of classical security procedures is that you minimise attack surfaces, but also minimise what can be done in the event of a successful hack, and to maximise active detection and elimination of attacks as they take place.

    More modern security practices have multiple layers of castle wall for things that don't actually need direct access.

    In order for an attack that results in remote access to succeed, you need a minimum of three different security failings. Depending on what level of access was achieved, and the level of network segment isolation, it can take six or seven failings.

    In practice, operations take shortcuts, so it's rare you get to quite that degree.

    Regardless of how many layers there were, a breach of security requires problems in far more than just an application. I'd want to know what the additional failings were.

    1. Mike007 Silver badge

      Re: This is fascinating.

      If you have a public facing URL with a vulnerability, that is 1 issue and it WILL result in a compromise of whatever data that script/application has access to. What makes you think you need multiple issues to get compromised?

      It seems that the system in question only had access to the data required to do its job, so their systems were set up correctly.

  2. breakfast
    FAIL

    How the mighty have fallen

    Back when I was first looking at hosting, Rackspace were one of the best around - I think they even used to host El Reg - but these days I wouldn't trust them with a back-up archive of other people's cat pictures, let alone anything important.

    1. ecofeco Silver badge

      Re: How the mighty have fallen

      Looks like 2 Rackspace fanbois don't like your review.

      Have my upvote.

  3. Anonymous Coward

    Probably phpmyadmin

  4. An_Old_Dog Silver badge
    Joke

    Installed Alongside

    * Adobe Flash ?

    * Some version of Java ?

    * WeatherBug ?

  5. Kidplus
    Mushroom

    Zero day and today's MSP

    Hey, what happened to Rackspace? It’s just another example of all the issues of new ISPs as well as managed service providers are now facing. We have increased our partnerships and investments in cyber security protecting our information as well as advancements in our AI and DNA analysis of attacks my concern is in our concern for our constituents for companies. They have large assets millions of customers like Rackspace have these issues isn’t even more important for smaller companies to work together to protecting our infrastructure Pompeo’s former secretary of the fence several years ago in a conference that was held by contractors and other agents with an agencies mention a cyber war would be the new frontier and unfortunately he was so true. We think The Register for sharing this articles and other related information to cyber security. We look forward to continue to be a source of resources, as well as feedback on these type of articles and also posting issues that we might find that other people within your writers and readers can participate gather and take back to add further layers of security as well as comfort in knowing that there is others who are going through the same issues and yet working towards a solution for no security of financial institution, but national security as well. We as a nation as well as a global data providers need to work together and providing a comprehensive plan as well as resources to protect information information is the new gold mine and he who has it can other advanced the world or turn it into darkness.

    1. This post has been deleted by its author

    2. ecofeco Silver badge
      Thumb Up

      Re: Zero day and today's MSP

      Corporate buzzword bingo winner of the year.

  6. pogul

    But what monitoring software did they use to monitor the monitoring software?

    1. Clausewitz4.0 Bronze badge
      Devil

      Likely a sysadmin watching abnormal network events hitting the firewall. Likely a SNORT in passive mode, or something fancier and costlier with an enterprise name - doing the same thing.
