
Re: wiki.debian.org password reset



Hi,

These are questions for the Debian Wiki Administration Team (carbon copied).

I'll let them reply to you.

Regards,

Luca

On Tue, Jan 08, 2013 at 07:22:21PM +0100, Alexis-Emmanuel Haeringer wrote:
> Hello,
> Maybe I could expect an update on your site, please. I was wondering if it
> was possible NOT to register the IP address in a public way on your
> wiki.
> This is also why I had to stop my contribution.
> 
> 
> For example on:
> http://wiki.debian.org/AlexisHaeringer
> http://wiki.debian.org/RecentChanges
> <p id="pageinfo" class="info" lang="fr" dir="ltr">AlexisHaeringer (dernière
> édition le 2011-04-27 20:44:10 par <span title="AlexisEmmanuelHaeringer @
> 82.225.164.173[82.225.164.173]"><a class="nonexistent" href="
> /AlexisEmmanuelHaeringer"
> title="AlexisEmmanuelHaeringer @ 82.225.164.173[82.225.164.173]">
> AlexisEmmanuelHaeringer</a></span>)</p>
> 
> 
> (OK, it's too late for these records (FYI I have just changed my IP address).)
> 
> Thanks in advance
> Best regards
> 
> On 6 January 2013 23:39, Luca Filipozzi <lfilipoz@debian.org> wrote:
> 
> > Dear editors of the Debian wiki,
> >
> > Please recall our recent email regarding the moinmoin [1] vulnerability [2]
> > and the penetration of Debian's wiki [3].  We have reset all password hashes
> > and sent individual notification to all Debian wiki account holders with
> > instructions on how to recover (and thereby reset) their passwords [4].  More
> > technical details about the attack are available [5].
> >
> > We have completed our audit of the original server hosting wiki.debian.org
> > and have concluded that the penetration did not yield escalated privileges
> > for the attacker(s) beyond the 'wiki' service account.
> >
> > That said, it is clear that the attacker(s) have captured the email addresses
> > and corresponding password hashes of all wiki editors.  The attacker(s) were
> > particularly interested in the password hashes belonging to users of Debian,
> > Intel, Dell, Google, Microsoft, GNU, any .gov and any .edu.
> >
> > Presumably, the intent was to generate domain / username / password tuples
> > from the email addresses and (eventually cracked) hashes, and to use these to
> > attack the home institutions of these users.
> >
> > If the localpart of your email address (the portion to the left of the @) is
> > your username at your home institution AND if you tend to use the same
> > password with multiple services, then we *VERY STRONGLY* recommend changing
> > your password at your home institution (the portion to the right of the @).
> >
> > Even if the localpart is not your username at your home institution, we
> > recommend updating your password as other mechanisms to map your email
> > address to your username may be available to the attacker(s).
> >
> > If you have any questions or concerns, please contact the Debian Wiki
> > Administrator Team [6] and/or the Debian System Administration Team [7].
> >
> > With kind regards,
> >
> > Paul Wise for the Debian Wiki Administrator Team
> > Luca Filipozzi for the Debian System Administration Team
> >
> > [1] http://packages.qa.debian.org/m/moin.html
> > [2] http://www.debian.org/security/2012/dsa-2593
> > [3] http://wiki.debian.org
> > [4] http://wiki.debian.org/FrontPage?action=recoverpass
> > [5] http://wiki.debian.org/DebianWiki/SecurityIncident2012
> > [6] debian-www@lists.debian.org
> > [7] debian-admin@debian.org
> >
> > --
> > Luca Filipozzi
> > Member, Debian System Administration Team
> >

-- 
Luca Filipozzi
Member, Debian System Administration Team
Member, UBC Enterprise Architecture Team
