Dear editors of the Debian wiki,

Please recall our recent email regarding the moinmoin [1] vulnerability [2] and
the penetration of Debian's wiki [3]. We have reset all password hashes and
sent individual notification to all Debian wiki account holders with
instructions on how to recover (and thereby reset) their passwords [4]. More
technical details about the attack are available [5].

We have completed our audit of the original server hosting wiki.debian.org and
have concluded that the penetration did not yield escalated privileges for the
attacker(s) beyond the 'wiki' service account.

That said, it is clear that the attacker(s) have captured the email addresses
and corresponding password hashes of all wiki editors. The attacker(s) were
particularly interested in the password hashes belonging to users of Debian,
Intel, Dell, Google, Microsoft, GNU, any .gov and any .edu.

Presumably, the intent was to generate domain / username / password tuples from
the email addresses and (eventually cracked) hashes, and to use these to attack
the home institutions of these users.

If the localpart of your email address (the portion to the left of the @) is
your username at your home institution AND if you tend to use the same password
with multiple services, then we *VERY STRONGLY* recommend changing your
password at your home institution (the portion to the right of the @).

Even if the localpart is not your username at your home institution, we
recommend updating your password as other mechanisms to map your email address
to your username may be available to the attacker(s).

If you have any questions or concerns, please contact the Debian Wiki
Administrator Team [6] and/or the Debian System Administration Team [7].

With kind regards,

Paul Wise for the Debian Wiki Administrator Team
Luca Filipozzi for the Debian System Administration Team

[1] http://packages.qa.debian.org/m/moin.html
[2] http://www.debian.org/security/2012/dsa-2593
[3] http://wiki.debian.org
[4] http://wiki.debian.org/FrontPage?action=recoverpass
[5] http://wiki.debian.org/DebianWiki/SecurityIncident2012
[6] debian-www@lists.debian.org
[7] debian-admin@debian.org

--
Luca Filipozzi
Member, Debian System Administration Team