Security Flaw Hits VAserv; Head of LxLabs Found Hanged
Keldrin_1 writes "The discovery of 24 security vulnerabilities may have contributed to the death of the chief of LxLabs. A flaw in the company's HyperVM software allowed data on 100,000 sites, all hosted by VAserv, to be destroyed. The HyperVM solution is popular with cheap web hosting services and the attacks are easy to reproduce, which could lead to further incidents."
You can't truly blame Milw0rm for a person being depressed and committing suicide.
However, reading their security notes on it, they did hear back from the developer...they simply declared that it didn't happen fast enough and decided unilaterally that the "Vendor appears uninterested".
I have very mixed feelings on security firms releasing exploits to the public just to try and get results. In my (admittedly limited) experience, more bad has come from releasing exploits publicly than good.
-JJS
His sister and mother both committed suicide by hanging 5 years ago. He may have had a genetic propensity towards suicide.
Culturally, Indians have a very heavy emphasis on honor and responsibility. The failure of the software is only the outermost layer of true damage. Each of those compromised VMs is a failure to satisfy a customer at best, and a grave violation of the trust between vendor and customer.
When it comes to suicide, why hanging? It seems like a really hard way to go. Maybe the person wants to suffer to pay back his debts before death.
Actually, this has almost nothing to do with attacking VMs and more to do with the simple fact that LxLabs' code is an extremely poorly written piece of crap from a security standpoint that leaves the VM wide open to attack. Having read through the 24 sample exploits when they were first published on milw0rm, the errors are pretty damn fundamental and indicate a complete ignorance of many of the established best practices in secure coding. It was just a matter of time before one of LxLabs' users got hit and hit hard; frankly I'm surprised it took so long.
The only thing that I found surprising about the attack on VAserv is that the perpetrator decided to blow away the servers instead of subverting them for sending spam or hosting related websites; 100,000 web hosts have got to be worth quite a few dollars on the right market. While it sucks to be VAserv or one of their customers right now, it's probably better things went this way than the alternative for everyone else. Of course, it's just a matter of time before the next users of LxLabs' HyperVM get hit - if they haven't been already - and at least some of them are almost certainly going to end up doing something less than legitimate.
UNIX? They're not even circumcised! Savages!
TFA: "Ligesh [from LxLabs] was also still coming to terms with the suicides by hanging of his sister and mother five years ago."
I suspect that this was the result of a lot of bad things going on in his life, and not just because of the software issues.
And very likely a genetic predisposition to suicide as well.