Aqu 01, 01 / Jan 1, 17 15:10 UTC

Cybersecurity  

Cybersecurity is an important part of preserving the security of asgardia. In this century we have become citizens of the digital era. There are hackers in this world some of them are black hats (hackers that use their abilities for bad stuff), white hats (use their abilities for good) and grey hats (intermidiate). Our white hats have to protect our asgardians from the grey and they black hats. We hace to organize and make a team to fight this war: hackers against hackers.

Aqu 01, 01 / Jan 1, 17 16:52 UTC

Mirrors my thoughts loosely. I'd suggest the grey hats are not so "intrermediate", but sit with their feet on both sides of the fence. And thus their grass is always green.

The most critical concepts right about now however is the protection of our digital infrastructure, the data within, and the communications channels citizens use to access.

I'd personally prefer to pool from those who wouldn't self-define as "hacker" - unless they do so under the guise of a single specific definition. The reason being the massive distortion from the media surrounding the word "hacker", and it's these other definitions that such people will of persued. I certainly avoid using the term where possible if only to avoid all the "can you hack my g/f's FB? I think she's cheating on me" retards.

Instead it'd be wiser to pool from those who would instead self indentify as pursuing applicable fields. Ignore the "hackers", utilise the "security researchers", the "systems analysts", the "networking engineers" and the "penetration testers" - The sort of person that would recognise https://upload.wikimedia.org/wikipedia/commons/thumb/4/45/Glider.svg/220px-Glider.svg.png and understand it's significance. The sort of person that could tell you why it's more suitable to use "kali" for use in "X" deployment senario, as opposed to a standard *nix install with the same tools added from repositories.

A set of "mirror services" on a testing rig, populated with random, testing data would allow folks to TTD all facets of all services without impacting operations. Should allow to find and resolve issues before they actually become a problem. AFAIK there's not even any real bug reporting system in play - beyond the forum section - and no ticketing system... The entire operation reeks of much inexperience.

Various observations of previous useage habits as much as there's been no indication of a PCI DSS report and or the ISO/IEC 27002 audit despite specifically request thus along with other applicable data suggests that there is an alarming number of issues already existing. And they haven't even been looked for. These need to be found, and sanitised before someone else finds them and exploits them.

The clock is ticking.

  Updated  on Aqu 01, 01 / Jan 1, 17 16:56 UTC, Total number of edits: 1 time
Reason: typo

Aqu 03, 01 / Jan 3, 17 16:45 UTC

Don't be affraid from the exploits that are easy to find , affraid the custom and stealth ones ;-)

Aqu 12, 01 / Jan 12, 17 08:12 UTC

Im down for cyber security and military security. I have no issue participating in both!

Aqu 12, 01 / Jan 12, 17 12:22 UTC

I agree with @EyeR, there is a wrong use of the name "hacker", so I don´t think it is the best option to get together with people who call themselves that way. Moreover, surely the true "hackers" in the old (and pure) sense of the word never call themselves this way.

In any case I think we could open a new post and see how many people would be interested in analyzing our infrastructure and thinking it as safe as possible from the beginning.

Aqu 14, 01 / Jan 14, 17 04:21 UTC

Why should it need a new post? anyone interested in such a thing should be paying vague attention by nature of the topic.

I can tell you they seem to be incredibly wary of releasing details for some reason. There has been some progress on this subject of recency, but nowhere near enough. As for finding out things via other means, these commonly violate the terms of service to the service.

Publish of technologies/versions leveraged, preferably open sourcing the work, should allow for users to create a VM of specification in order to devel and for testing.

Thinking it's "safe" is incredibly unwise. With public access technologies there's no safe, you want it safe you don't give users access -=- This is impractical in this case but there are different degrees of less dangerous. Building this as less dangerous as possible as early as possible should indeed be a primary goal, for the significant future this will be our primary structure and if we build it, and build on it right then it can modularly adapt to cope with whatever the future brings.

Aqu 17, 01 / Jan 17, 17 15:01 UTC

What I meant was that we could open a new post on time to put together a security group to join the IT team.

I still don´t understand why we don´t have access to the information of our current minimal infrastructure, I will continue to think that they still don´t understand the resources they are wasting by preventing the entire community from knowing this information.

Aqu 25, 01 / Jan 25, 17 07:30 UTC

Indeed - knowing various facets for certainty, instead of just guessing @ skylake quadcore i7-6700 or a skylake Xeon E3-1275 v5, between 32GB and 64GB of RAM, 2x 4TB HD pushed through a 1Gbps pipe, running freeBSD, ngnix, PHP, Drupal8, no load balancer, no squid, etc would allow for replication externally for purposes of testing, and more accurate expectations of service performances.

More concerning than the wasted resources is the 1970's ethos for security.

Aqu 25, 01 / Jan 25, 17 16:08 UTC

As IT-Security is my primary topic of interest as of recently, I glad to find this post.

knowing more about the IT-infrastructure of Asgardia, is of importance to me. Also I'm interested in knowing who is in charge go it for now.

Edit: Aerospace International Research Center GmbH the company that operate asgardia.space only list a Director of Software Development on their Team. Information found on this sites:

https://asgardia.space/en/page/imprint

https://airc.at/ see company -> management team -> more leads to:

https://room.eu.com/team

all this domains confuse me a bit

  Last edited by:  Jonathan Stephan (Asgardian)  on Aqu 25, 01 / Jan 25, 17 17:20 UTC, Total number of edits: 2 times

Aqu 26, 01 / Jan 26, 17 12:28 UTC

All those domains predate Asgardia and should likely be ignored.

I'm not overly happy that Asgardia.space appears to be part of AIRC - I assume this was done due to simpletons at the wheel more than a classification of corporate ownership.