[TYPO3-dev] typo3.org login
Marcus Krause
marcus#exp2008 at t3sec.info
Tue Nov 18 21:07:47 CET 2008
Erik Svendsen schrieb:
> Hello Dmitry,
>
> If it's an "intrusion" with an admin account and password you may be in
> deep shit, so guys - take extremly good care of admin accounts and their
> passwords. An intruder may have had access for months, without doing
> other things than putting in small pieces of backdoors and so on.
Please do stop such wild speculations. Nobody talked about months.
The intrusion itself is enough to cope with.
We only closed login accounts for typo3.org. If there were back doors,
do you think you would be able to access typo3.org at all?
As Dmitry said, we are working on it nearly 24/7.
Don't forget that this issue has also a legal aspect. So there's more to
be done than simply checking logs.
Marcus.
Member TYPO3 Security Team
More information about the TYPO3-dev
mailing list