ARRL Web server breached. Few details available.
Is the ARRL taking its Web server breach too lightly?
The ARRL Letter dated October 9, 2014, belatedly mentioned of one its Web servers had been breached sometime in September. See the complete article here: bit.ly/1siX8hY. The mention lacks specifics and downplays the breach. This concerns me for a number of reasons:
- Why was this notification so late in coming?
- Was the attacker inside the ARRL web server for weeks?
- Why didn’t the article cover more specifics?
- The tone of the article bothers me — as in no big deal…nothing of value in there to steal.
- Once a Web server is breached, it can be VERY difficult to determine what the attacker actually did while inside the server.
I emailed ARRL HQ and asked for more specifics and suggested that the League needs to be more timely and transparent reporting-wise when something like this happens.
What bothers me the most is that my email has gone unanswered.