API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Aug 1st, 2013
737
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.18 KB | None | 0 0
raw download clone embed print report
  1. Security Breach
  2. User information for tickets.opscode.com and wiki.opscode.com compromised.
  3.  
  4. What Happened?
  5. A vulnerability in the third-party software that runs our Open Source Chef wiki and ticketing system was exploited to gain access to that particular system. While on this system, the attacker gained escalated privileges and downloaded the user database for the wiki and ticketing system.
  6.  
  7. What information was exposed?
  8. The user database that was accessed contained usernames, email addresses, full names, and hashed passwords. We believe these passwords are adequately secure (the software in question uses the PBKDF2 algorithm), but we will be forcing a password change on the ticketing and wiki systems. If you use this password on other systems, we suggest choosing a new password on those systems as well.
  9.  
  10. Were any of my personal tickets accessed? What about my Hosted Chef data?
  11. We are still investigating this breach; however, there is currently no evidence that any other systems were impacted or that other data was compromised.
  12.  
  13. Does this affect my Hosted Chef accounts?
  14. This does not directly impact your Hosted Chef data or accounts. If you use the same username and password, it is recommended that you change this.
  15.  
  16. How did you catch the breach?
  17. Our security monitoring alerted us to the unauthorized access. Upon investigation, we confirmed the unauthorized activity and immediately took steps to terminate the unauthorized access, isolate the affected systems, and secure forensic data.
  18.  
  19. What has been done to prevent this type of unauthorized access?
  20. We are working with our third party software providers to identify the vulnerability and apply the appropriate patches to the systems.
  21.  
  22. What should I do now?
  23. You will be asked to change your password the next time you access wiki.opscode.com or tickets.opscode.com. If you use the same credentials at any other site, you should assume that those credentials have been compromised and update them immediately. You may also wish to follow @opscode_status on Twitter for immediate updates.
  24.  
  25. We will provide additional details as they become available.
  26.  
  27. If you have any questions please contact Opscode at security@opscode.com.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!