[TYPO3-english] TYPO3.ORG hacked
l.mul-nospam-ler at ameos.com
Fri Nov 14 17:29:13 CET 2008
Dmitry Dulepov wrote:
> Hi Daniel!
> Daniel Pötzinger wrote:
>> Dmitry Dulepov wrote:
>>> Was there a real need to post such things right now, when people are
>>> working hard to recover from the issue?
>> I see also no reason to hide the fact how noisome the handling with
>> personal data was on typo3.org. I am really disappointed!
> Did I say the issue should be hidden? No, I did not. Please, read
> again what I said with a cool head :)
> No one hides it, everyone has got detailed, clear and truthful
> e-mail about this situation. Obviously security team will not reveal
> what they are doing right now because they are not finished yet. If
> you have an idea about handling security incidents, you should
> understand why they do not reveal every tiny detail to the public at
> the moment. They do the right thing. They handle it professionally!
> There should be no panic or shouting. Be clever, stay calm and wait
> till responsible people will tell you what to do next. Shouting and
> disappointment never helps in such cases.
>> Also all need to recover.. - since our data was not secured sufficiently!
> Not only yours, mine too. But I am not panicking or shouting. What
> can we do right now? Nothing. So keep calm and wait. This is the
> best you can do now, believe me :) Disrupting security team work
> with shouts and accusations will not help at all.
I'm sure that the security team is doing good work. I'm also sure that for
now there's nothing I can do but wait for good news. At least I know
that debating the powerful WPA2 or MD5 hash won't help.
But the only question that has not been answered yet is this: I would
like to know if the passwords were encoded in plain text.
It's not as simple as "yep, but you should have a different password on
any website", there you won't have any problems.
I guess we are all web professionals, which means we should all have
something like 100+ different IDs.
So I'll ask: who here uses a unique password per website?
Another point: maybe my password is identical on every website, but
maybe my login is different. This means my login capabilities on other
websites could remain secure as long as intrusions on other services
are based only on the strict stolen login / password pair.
Well, let's hope the guy/girl is not going to sell our information at
/Formidable - Rapid Application Developpement Framework for Typo3
/Typo3 Ameos <http://www.ameos.com>/