Hi Kieran

On Wed, Nov 27, 2024 at 12:01:03AM +0000, Kieran Kunhya via ffmpeg-devel wrote:
> On Tue, 26 Nov 2024, 23:32 Michael Niedermayer, <mich...@niedermayer.cc>
> wrote:
> 
> > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
> > ---
> >  doc/infra.txt | 6 +++---
> >  1 file changed, 3 insertions(+), 3 deletions(-)
> >
> > diff --git a/doc/infra.txt b/doc/infra.txt
> > index 08dcf04c307..71ad7a7db02 100644
> > --- a/doc/infra.txt
> > +++ b/doc/infra.txt
> > @@ -9,9 +9,9 @@ ffmpeg trademark registered in france by ffmpeg creator.
> >  Domain + NS:
> >  ~~~~~~~~~~~~
> >  ffmpeg.org domain name
> > -ns1.avcodec.org Primary Name server (bulgaria)
> > -ns2.avcodec.org Replica Name server (hungary)
> > -ns3.avcodec.org Replica Name server (italy)
> > +ns1.avcodec.org Primary Name server (provided by Telepoint, hosted at
> > Telepoint in bulgaria)
> > +ns2.avcodec.org Replica Name server (provided by an ffmpeg developer,
> > hosted at Hetzer in germany)
> > +ns3.avcodec.org Replica Name server (provided by an ffmpeg developer,
> > hosted at Prometeus Cdlan in italy)
> 
> 
> Hi Michael,
> 
> Can you add the owner of avcodec.org as this obviously matters too as they
> could change the nameserver IPs if they wished.

avcodec.org is owned by an ffmpeg developer. I belive many people know
who owns it. root should know it, jb definitly did know it.

Theres no issue with making the name public in principle, its just
better for security, not to have a public document that an attacker
can go through and know exactly who owns what.

From a name an attacker can often find a phone number and other things
Once an attacker has a phone number they can do a sim swap attack.
This depends on the carrier/phone company. But it did in the past
require only the phone number and had no defence with some.

Also even when SMS is not used as 2FA, ownership of phone and email
can sometimes be enough to reset a password & 2FA

This maybe doesnt work for any domain owner/phone company relevant for us.
But its still a non 0 risk, so i would prefer not to have a public list of
names for who owns what server.

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

When the tyrant has disposed of foreign enemies by conquest or treaty, and
there is nothing more to fear from them, then he is always stirring up
some war or other, in order that the people may require a leader. -- Plato

Attachment: signature.asc
Description: PGP signature

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

Reply via email to