On Wednesday, March 12, 2014 00:12:28 Justin Herman wrote: > SynHak.org is a community resource available to all, members seeking access > can be trusted as long as they are members in good standing. Just as keys > to the space are granted to members in good standing, keys to our "virtual > space" should be granted as well. > > I propose power user access with sudo/admin access to AWS and all SynHak > infrastructure, be granted to the following members... > > Craig Bergdorf > Justin Herman > Alex Kot > > These members in good standing and wish to support and improve the > infrastructure of SynHak.org and ancillary services. In addition each has > experience in the information security field.
Ok, thats quite admirable. So what do they want to do? I'm not too big on the idea of handing out the keys to the kingdom "just because". Theres gotta be a compelling reason for me to give such broad and sweeping access to synhak.org infrastructure. The wrong button or API call could easily cost us a lot more money than we're already paying. I'm questioning why Justin is on that list though. Previously, I had asked to send me a GPG signed copy of the SSH key wanted, and that I'd need to go through the keysigning protocol to verify identity. After that, we'd need to set up MFA. I was sent a .txt.tar that was encrypted with what I assume is their public key, which requires the private key to decrypt. I assume its a public key because I could not find it on the key server network. As I said in the reply to that, I have serious concerns about Justin's security disciplines and capabilities. Crawling the 'net for a quick background check doesn't present evidence to the contrary, either. On a side note, Craig already has root access. > > Access to static and new usernames and passwords will be shared, within 5 > days of the proposal's passage, to the members listed above. > > > > Justin
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Discuss mailing list [email protected] https://synhak.org/mailman/listinfo/discuss
