Gary, I can well remember those days. I think we were able to handle it quite well even if we had no disaster recovery plan at hands. However, that was a zero day exploit in the wild.
Unfortunately, directed attacks are a lot nastier. Imagine a mail bot spamming all mailbox to the storage limit within minutes. There are many other rather simple methods to achieve effective DOS. In a volunteer organization of individuals doing stuff in their freetime, simple things like an international call are unfeasible. I estimate a call from italy to usa to be ~ 1.48€ / 1.62$ per minute. Frankly, I wouldn't do that but rather get my family and friends a pizza with free drinks. Sorry Gary, dont expect long talks with me by phone. :-)) On Fri, 11 Oct 2024, 17:56 Gary Gregory, <garydgreg...@gmail.com> wrote: > For Log4Shell, we used Slack and video conferences (can't recall which > vendor). > > Gary > > On Fri, Oct 11, 2024, 11:24 AM Shawn McKinney <smckin...@apache.org> > wrote: > > > > > > On Oct 10, 2024, at 5:08 PM, Christopher Schultz < > > ch...@christopherschultz.net> wrote: > > > > > > I’m not sure it’s really okay to simply say “oh well internet is down, > > not my problem”, though I suppose it depends upon the criticality of your > > particular project. > > > > The exercise’s intent was to take us out of our comfort zone. A thought > > experiment of a worst case scenario. > > > > It brought back memories of 9/11. > > > > Hysterical, or, practical? > > > > Time will tell. In the meantime we contemplated how we’d “circle the > > wagons” during one of these hypothetical coordinated attacks. > > > > Since (most?) PMC’s communicate via email lists, its asynchronous nature > > was called into question. > > > > What if we had to get ahold of the team RIGHT NOW? How would we do it? > > > > Meanwhile, I’m having trouble sleeping at night and starting to wish that > > I didn’t quit smoking 25 years ago, missing its calming effects. > > > > — > > Shawn > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: > security-discuss-unsubscr...@community.apache.org > > For additional commands, e-mail: > > security-discuss-h...@community.apache.org > > > > >
