Possible Breach

R

Rob

Guest
Hello and happy Friday the 13th.

We have been busy this morning updating software and scrubbing passwords after being alerted by someone hunting a bounty that a security hole in the site was exploited causing all login information to be sent to a remote server upon successful logins.

- All software on the site has been updated
- All passwords have been reset to random
- You will need to use the lost password function to reset and login.
- If you used a shared password on this site you need to remove it from other sites as well
- Assume your old linux.org user/password combination is on pastebin somewhere.

Here's to the weekend.

Rob
 


Well done for doing all that emergency security implementation :cool:

It is good you are so concerned to protect your members' interests :)

However, wouldn't having our account details up on pastebin be in the true spirit of open source? ;)
 
However, wouldn't having our account details up on pastebin be in the true spirit of open source? ;)
Yes, but as far as privacy is concerned, you're sort of missing the point. The reason for open-source (at least initially) was (in part) to increase privacy through transparency and the availability of auditable source code. User names and passwords published on a website isn't my idea of open source. :p
 
Hello and happy Friday the 13th.

We have been busy this morning updating software and scrubbing passwords after being alerted by someone hunting a bounty that a security hole in the site was exploited causing all login information to be sent to a remote server upon successful logins.

- All software on the site has been updated
- All passwords have been reset to random
- You will need to use the lost password function to reset and login.
- If you used a shared password on this site you need to remove it from other sites as well
- Assume your old linux.org user/password combination is on pastebin somewhere.

Here's to the weekend.

Rob

I already got DOXed once, and now someone possibly has my old Password...... And maybe even my IP..... This can only be adequately summed up with one thing....... (Not directed at you guys.... :))
My_Response.jpg
 
Rob:

Good catch, I have reset my password and all is good.
 
Whether or not this violates any etiquette I have to say, cyber-sincerely, my user doesn't understand
Yes, but as far as privacy is concerned, you're sort of missing the point. The reason for open-source (at least initially) was (in part) to increase privacy through transparency and the availability of auditable source code. User names and passwords published on a website isn't my idea of open source. :p
How do I explain to my user how privacy can be increased through transparency? He keeps typing in things like "...but if I want to keep something secret and I hide it in a transparent briefcase..."
And is he really serious in getting me to Reply something written so long ago in human terms more than a whole calendar month has past, or in 'net terms 6592656598027548067408 PMS [ where PMS<=>Present Moment Slices ]
? ? / / /? |less
 
How do I explain to my user how privacy can be increased through transparency?
"Transparency" is achieved by not being able to hide back-doors, and other hacking techniques in the source code. NSA attempted to get Linus to do this with the Linux Kernel! They were not successful!

"Open Source" software that you can read, analyze, and test, IS safer than "Proprietary" software where you CANNOT see the source, and DO NOT know what the software is doing behind your back, and who is seeing your data!
 
Hello and happy Friday the 13th.

We have been busy this morning updating software and scrubbing passwords after being alerted by someone hunting a bounty that a security hole in the site was exploited causing all login information to be sent to a remote server upon successful logins.

- All software on the site has been updated
- All passwords have been reset to random
- You will need to use the lost password function to reset and login.
- If you used a shared password on this site you need to remove it from other sites as well
- Assume your old linux.org user/password combination is on pastebin somewhere.

Here's to the weekend.

Rob
Rob,
For the last few months, I have been getting a server error when coming to this site:(:(, now suddenly it works fine. Any words of wisdom?:):)
 

Members online


Top