Customers should feel confident that if our web server is ever compromised again, data submitted via the ticket system before the potential hack will still be secure.
Ticketing Changes
The first thing many users of our ticket system may notice is the changes to the submission form.We are now more clear about which fields are required and which ones will be treated as sensitive data.
* indicates a required field
indicates a field safe for sensitive data
This is important: with the new changes, some fields will become encrypted and will not be readable after they are saved. For better security, asymmetric encryption is used, so there are no unlock codes stored on the server anymore.
However, other fields which will be used to track the status of a ticket will still not be encrypted. It is important that users never enter sensitive data into a field unless it is marked with .
The distinction between sensitive and non-sensitive fields makes it easier to ensure that information that should not be duplicated when alerting support personnel about new tickets or when a customer and personnel discuss a ticket.
At the bottom of the submission form you will notice a new "Disclaimer" section. This section outlines how the data you enter is handled, what our responsibilities regarding that data are, and what your responsibilities are.
The disclaimer mentions this: we have changed the file structures and data management routines for saved tickets. Sensitive ticket data is now stored in a location would be harder to find in a compromised situation. The location is never included in any server backups and if it is found, is encrypted in a way that cannot be restored using information existing solely on the server. When a ticket is closed, the data in that location is removed, so a brute force attempt can never be attempted against it.
Our local encryption keys for unlocking ticket data will be changed on a frequent basis. Tickets created using old encryption keys will not be readable using new keys.
Customer Responsibility
You should never submit permanent or your everyday login information via the ticketing system. Always use temporary FTP and site user accounts for tickets.When a ticket is submitted, support personnel will typically follow up via private messaging on the web site, as has been standard practice. However, you should NEVER submit sensitive information via private messaging, forum posts, or anywhere other than the ticketing system, because only the ticketing system is encrypted. If you receive a private message suggesting that there was an error in the sensitive data you submitted, you should submit a new ticket. Do not send the corrections over private message.
You will now receive clear notifications when someone is working on your ticket and when your ticket has been closed. When the ticket is closed, you should change the passwords of the temporary accounts you provided.
Summary
As always, the VaultWiki.org web site uses TLS encryption to handle form submissions and your data cannot be read directly by a MITM attack.With these changes, the only ways an attacker would be able to gain unauthorized access to your server using credentials you provide via our ticketing system are as follows:
- A screen reader or keylogger on your own computer when you submit the ticket
- Your submission is captured by a MITM attack and a brute force attack is performed against the captured data
- A screen reader or keylogger on our computers when we respond to your ticket
- A brute force attack against the ticket data while the ticket remains open
Please note that hackers can attempt brute force attacks against data that was sent over encrypted connections anywhere, and although it might take many years to succeed, that is one reason why it is important for anyone to change passwords regularly.