[TYPO3-english] TYPO3.ORG hacked
erik at linnearad.no
Fri Nov 14 19:28:04 CET 2008
No, the http://typo3.org/about/faq/t3org-issue/ says an admin password was
stolen as far as they know. By the way, I have had same experience with 4
different large social/forum sites the last 3 year. None of them hacked,
all times username and password "misplaced", easy to guess and so on.
Yes, there has been a a securitybulletin the last days, one low and one medium.
Everyone with a TYPO3 installation should subscribe to the security list
or/and security news. Not really big issuses.
> seems like too much of an coincident that I got this security warning
> last night : http://www.securityfocus.com/bid/32284/discuss
> If this is the reason typo3.org was "intruded" than TYPO3 was also the
> problem and not just social engineering.
> Patrick Gaumond schreef:
>> If there's one thing that news.typo3.org and FAQ can do is make it
>> very evident that the site WASN'T hacked but that there was an
>> Hacking would mean the software (TYPO3, it's settings, server or
>> Apache) was the problem while "Intrusion" means that social
>> engineering was probably involved. Weak password being mainly a human
>> factor even if you can force heavier passwords.
>> May I suggest reading :
More information about the TYPO3-english