[TYPO3-dev] typo3.org login
Erik Svendsen
erik at linnearad.no
Tue Nov 18 21:34:51 CET 2008
Hello Marcus,
I wasn't suspecting any backdoors (sorry for using that word), but I know
from my own experience that both the checking part and legal part take time,
a lot of time, even if it has been two years since (I did only some of the legal
part).
I used it more as an example for everyone who has a TYPO3 installation, that
whatever kind of unauthorized access on Admin level may give you a lot of
work afterward (with or without the legal part). And that an admin account "lying"
around is a security risk. Without making any allegations.
> Erik Svendsen wrote:
>
>> Hello Dmitry,
>>
>> If it's an "intrusion" with an admin account and password you may be
>> in deep shit, so guys - take extremely good care of admin accounts and
>> their passwords. An intruder may have had access for months, without
>> doing other things than putting in small pieces of backdoors and so
>> on.
>>
> Please do stop such wild speculations. Nobody talked about months. The
> intrusion itself is enough to cope with.
>
> We only closed login accounts for typo3.org. If there were back doors,
> do you think you would be able to access typo3.org at all?
>
> As Dmitry said, we are working on it nearly 24/7.
>
> Don't forget that this issue has also a legal aspect. So there's more
> to be done than simply checking logs.
>
> Marcus.
>
> Member TYPO3 Security Team
>
WBR,
Erik Svendsen
www.linnearad.no