[TYPO3-english] TYPO3.ORG hacked
Erik Svendsen
erik at linnearad.no
Fri Nov 14 19:28:04 CET 2008
Hello Marcel,
No, the http://typo3.org/about/faq/t3org-issue/ says an admin password was
stolen as far as they know. By the way, I have had same experience with 4
different large social/forum sites the last 3 year. None of them hacked,
all times username and password "misplaced", easy to guess and so on.
Yes, there has been a a securitybulletin the last days, one low and one medium.
http://news.typo3.org/news/article/cross-site-scripting-vulnerabilities-in-typo3-core/.
Everyone with a TYPO3 installation should subscribe to the security list
or/and security news. Not really big issuses.
WBR,
Erik Svendsen
www.linnearad.no
> Hi,
>
> seems like too much of an coincident that I got this security warning
> last night : http://www.securityfocus.com/bid/32284/discuss
>
> If this is the reason typo3.org was "intruded" than TYPO3 was also the
> problem and not just social engineering.
>
> Marcel
>
> Patrick Gaumond schreef:
>
>> If there's one thing that news.typo3.org and FAQ can do is make it
>> very evident that the site WASN'T hacked but that there was an
>> intrusion.
>>
>> Hacking would mean the software (TYPO3, it's settings, server or
>> Apache) was the problem while "Intrusion" means that social
>> engineering was probably involved. Weak password being mainly a human
>> factor even if you can force heavier passwords.
>>
>> May I suggest reading :
>> http://en.wikipedia.org/wiki/Social_engineering_(computer_security)
>>
>> Patrick
>>
WBR,
Erik Svendsen
www.linnearad.no
More information about the TYPO3-english
mailing list