LotW is not working


Re: LotW is not working

Post by S55DX » 04 Jul 2024, 05:06

On Club Log, too, I noticed that the LOTW Sync link (synchronization with LotW) was missing.

The link has since returned, but it does not work yet:

"Disabled until 1 August 2024

LoTW integration will remain offline during July 2024. There is no need to email the Club Log helpdesk or ARRL helpdesk in the meantime. Thanks for your patience, back soon."



Importing from LotW into eQSL works normally for me.
73 de Milan, S 5 5 D X

Re: LotW is not working

Post by S50U » 23 Aug 2024, 07:21

S55DX wrote: LotW does have frequent outages, but I don't remember one this long. I haven't seen any explanation from ARRL yet.


ARRL IT Security Incident - Report to Members

Source: https://www.arrl.org/news/arrl-it-secur ... to-members

8/22/2024
Sometime in early May 2024, ARRL’s systems network was compromised by threat actors (TAs) using information they had purchased on the dark web. The TAs accessed headquarters on-site systems and most cloud-based systems. They used a wide variety of payloads affecting everything from desktops and laptops to Windows-based and Linux-based servers. Despite the wide variety of target configurations, the TAs seemed to have a payload that would host and execute encryption or deletion of network-based IT assets, as well as launch demands for a ransom payment, for every system.

This serious incident was an act of organized crime. The highly coordinated and executed attack took place during the early morning hours of May 15. That morning, as staff arrived, it was immediately apparent that ARRL had become the victim of an extensive and sophisticated ransomware attack. The FBI categorized the attack as “unique” as they had not seen this level of sophistication among the many other attacks they have experience with. Within 3 hours a crisis management team had been constructed of ARRL management, an outside vendor with extensive resources and experience in the ransomware recovery space, attorneys experienced with managing the legal aspects of the attack including interfacing with the authorities, and our insurance carrier. The authorities were contacted immediately as was the ARRL President.

The ransom demands by the TAs, in exchange for access to their decryption tools, were exorbitant. It was clear they didn’t know, and didn’t care, that they had attacked a small 501(c)(3) organization with limited resources. Their ransom demands were dramatically weakened by the fact that they did not have access to any compromising data. It was also clear that they believed ARRL had extensive insurance coverage that would cover a multi-million-dollar ransom payment. After days of tense negotiation and brinkmanship, ARRL agreed to pay a $1 million ransom. That payment, along with the cost of restoration, has been largely covered by our insurance policy.

From the start of the incident, the ARRL board met weekly using a continuing special board meeting for full progress reports and to offer assistance. In the first few meetings there were significant details to cover, and the board was thoughtfully engaged, asked important questions, and was fully supportive of the team at HQ to keep the restoration efforts moving. Member updates were posted to a single page on the website and were posted across the internet in many forums and groups. ARRL worked closely with professionals deeply experienced in ransomware matters on every post. It is important to understand that the TAs had ARRL under a magnifying glass while we were negotiating. Based on the expert advice we were being given, we could not publicly communicate anything informative, useful, or potentially antagonistic to the TAs during this time frame.

Today, most systems have been restored or are waiting for interfaces to come back online to interconnect them. While we have been in restoration mode, we have also been working to simplify the infrastructure to the extent possible. We anticipate that it may take another month or two to complete restoration under the new infrastructure guidelines and new standards.

Most ARRL member benefits remained operational during the attack. One that wasn’t was Logbook of The World (LoTW), which is one of our most popular member benefits. LoTW data was not impacted by the attack and once the environment was ready to again permit public access to ARRL network-based servers, we returned LoTW into service. The fact that LoTW took less than 4 days to get through a backlog that at times exceeded over 60,000 logs was outstanding.

The board at the ARRL Second Board Meeting in July voted to approve a new committee, the Information Technology Advisory Committee. This will be comprised of ARRL staff, board members with demonstrated experience in IT, and additional members from the IT industry who are currently employed as subject matter experts in a few areas. They will help analyze and advise on future steps to take with ARRL IT within the financial means available to the organization.

We thank you for your patience as we navigated our way through this. The emails of moral support and offers of IT expertise were well received by the team. Although we are not entirely out of the woods yet and are still working to restore minor servers that serve internal needs (such as various email services like bulk mail and some internal reflectors), we are happy with the progress that has been made and for the incredible dedication of staff and consultants who continue to work together to bring this incident to a successful conclusion.

This information was shared with ARRL Members via email on August 21, 2024

Linux is like living in a teepee. No Windows, no Gates and an Apache in house!
S50CLX Cerkno LinuX dx cluster
https://s50clx.infrax.si
