Full Report
Comments on the blog have been surprisingly quiet, and we should have realised this when more and more people started having discussions with us via Twitter or email (as opposed to simply saying their piece here).

Short Story: It was broken, and it should be fixed again. Blame has been assigned and culprits have been whipped appropriately.

Long Story: Most SensePost'ers interact with the blog through our company-internal blog. This allows us to share top secret information like lolcats without publishing it here. Selected posts are pumped through to the public blog via a plugin (which also publishes certain comments, etc.).
Analysis Summary
# Main Topic
A breakdown in the comment system integration between SensePost's internal and public blogs caused publicly posted comments to stop appearing, which went unnoticed internally because the team relied on internal communication channels (the company-internal blog, Twitter, email). The issue stemmed from the mail server distrusting the emails that relay external comments back into the internal system.
## Key Points
- Public blog comments ceased because the mail server servicing the comment relay mechanism began rejecting the emails containing the external comments.
- Internal team members remained unaware of the public comment issue because their primary interaction point was the internal blog, where discussions continued normally.
- The authors acknowledge this was a self-inflicted failure ("pure lameness") related to the distributed nature of their comment handling system (external comments routed back in via scripting and email).
- An accompanying issue involving a broken plugin that parses these comments further complicated the problem.
## Threat Actors
- No malicious external threat actors are identified.
- The issue is internal, resulting from a system failure ("Lamport's law"). Blame has been assigned internally.
## TTPs
- Not applicable; this is a system integrity failure, not an offensive cyber operation.
## Affected Systems
- SensePost Public Blog Comment Functionality.
- The internal mail server responsible for processing inbound comment emails.
- The specific plugin responsible for parsing these relayed comments.
## Mitigations
- The immediate mitigation was fixing the broken system ("It was broken, and it should be fixed again").
- The underlying fix involved resolving why the mail server started distrusting emails originating from the external blog feed.
## Conclusion
The incident highlights the brittleness inherent in complex, distributed systems, particularly those relying on email relay for core cross-platform functionality. While not a security threat, the event caused a communication failure with the public audience. The recommendation is to review and stabilize all inter-system communication pipelines, especially those reliant on email transport for critical data relay.