Barry: Since we are going to be making a public statement to the members, how about including that any member that has not changed their password in the last two weeks needs to do so and not to use the same password as is used on any other website. Given that the passwords are stored in a simple cryptographic hash that can be decoded using rainbow tables and given that the passwords are sent in plain text, I believe we owe our members at least that much while we are hopefully working on both a secure storage fix and a secure transmission fix. Doug K4AC From: arrl-odv [mailto:arrl-odv-bounces@reflector.arrl.org] On Behalf Of Shelley, Barry, N1VXY Sent: Monday, October 20, 2014 4:05 PM To: arrl-odv Subject: [arrl-odv:23464] LoTW Disruption All: The following news item is going to be posted on the ARRL web site and the LoTW User Group: On Sunday afternoon, it was discovered that the Logbook of the World server at ARRL HQ was involved in a denial of service attack which disrupted operations. The ARRL IT Department identified the source and is continuing work on eliminating the threat. There may be intermittent disruptions of the Logbook while the ultimate solution is being implemented. We apologize for any inconvenience. For the information of the Board only, the IT Department was able to determine that the LoTW server was compromised from servers in Bejing and was being used in a denial of service attack against servers located in Hong Kong. The attack disrupted not only LoTW functions but slowed our overall network which impacted e-mail traffic as well. The LoTW server and the firewall facing out to the Internet are both current with software and patches so we’ve been unable to determine at this point exactly the source of the intrusion. The server is housed in the virtual array at HQ and we’ve taken that server offline and are creating a new LoTW server in the array to hopefully eliminate the attack. Once we turn that on, LoTW services will be restored and we will closely monitor the outgoing traffic on the network. In addition, we will be replacing the firewall with a Cisco product by Wednesday. To do so earlier would disrupt internal connections to the Internet from HQ and take down other services such as e-mail for about 48 hours which was deemed unacceptable. We will send out another notification when we are back to normal operations. 73, Barry J. Shelley, N1VXY Chief Financial Officer ARRL, Inc. The National Association for Amateur Radio (860) 594-0212 www.arrl.org