Lack of SSL for Debian Wiki login (was: Re: wiki.debian.org password reset)

To: debian-www@lists.debian.org
Cc: debian-admin@debian.org
Subject: Lack of SSL for Debian Wiki login (was: Re: wiki.debian.org password reset)
From: "Jeremy L. Gaddis" <jlgaddis@gnu.org>
Date: Sun, 6 Jan 2013 19:08:08 -0500
Message-id: <[🔎] 20130107000808.GA10734@hq.evilrouters.net>
In-reply-to: <E1Trzpj-000476-Hk@eggs.gnu.org>
References: <E1Trzpj-000476-Hk@eggs.gnu.org>

* Luca Filipozzi <lfilipoz@debian.org> wrote:
> Please recall our recent email regarding the moinmoin [1] vulnerability [2] and
> the penetration of Debian's wiki [3].  We have reset all password hashes and
> sent individual notification to all Debian wiki account holders with
> instructions on how to recover (and thereby reset) their passwords [4].  More
> technical details about the attack are available [5].

[snip]

Thanks, I just reset the password on my account only to realize that
SSL is not being used by default on wiki.d.o.

Surely this will be fixed in the very near future?

Off to change my password again,
-JLG

-- 
Jeremy L. Gaddis          e: jlgaddis@gnu.org
Network Engineer          m: +1.812.865.0581
PGP:  0x95E2C8FE          w: http://evilrouters.net

Reply to:

Follow-Ups:
- Re: Lack of SSL for Debian Wiki login (was: Re: wiki.debian.org password reset)
  - From: Luca Filipozzi <lfilipoz@debian.org>
- Re: Lack of SSL for Debian Wiki login (was: Re: wiki.debian.org password reset)
  - From: Paul Wise <pabs@debian.org>

Prev by Date: analysis of Debian wiki security breach
Next by Date: Re: Lack of SSL for Debian Wiki login (was: Re: wiki.debian.org password reset)
Previous by thread: analysis of Debian wiki security breach
Next by thread: Re: Lack of SSL for Debian Wiki login (was: Re: wiki.debian.org password reset)
Index(es):
- Date
- Thread