[TYPO3-english] TYPO3.ORG hacked

[Erik Svendsen]

Hello Dmitry,

You have my support!

For instance, md5 hash aren't secure at all. Every md5 hashed password with 
less than 6 - 7 characters are unsecure (the hash -> password is known).
Security is much more than hashing of password, as long as information is 
sent in plaintext you can't talk about real security.

A website isn't unsecure if the only information which is possible to get 
hold of are information which is public accessible, even if it's a site where 
you have to logg in to post anything. If you are using same password on websites 
where security is important or on shell accounts, it's not the websites - 
but yourself that makes a security risk. 

TYPO3 isn't more and less insecure than other CMS, even if others have md5 
hash as default. Different websites could be more and less secure, whatever 
CMS are used, depending on the overall security of the implementation and 
the CMS. If you are using a two year old version of any CMS, you are probably 
a security risk whatever.
  

> Hi!
> 
> Andreas Becker wrote:
> 
>> Simply make the highest standards of security the TYPO3 standard and
>> don't ask if someone wants a less secure one. If they want to change
>> it to unsecure it will be their fault if they get hacked and not the
>> one of an insecure TYPO3.
>> 
> What I dislike in such posts is that they use words like 'insecure'
> without understanding what they claim by using such words. This makes
> a lot of damage to the TYPO3. Much more damage then the original
> incident. Irresponsible posts, like yours, are bad.
> 
>> Same is to Silverstripe, Magento, CMSMS and many more high class CMS.
>> They simply try to provide the highest standard in password and login
>> security just from scratch when you start installing your site - WHY
>> NOT TYPO3?
>> 
> Where is your patch? Everyone can shout and scream. It is easy.
> Instead, do something useful and make a patch. If you can't — don't
> shout because it is useless.
> 
WBR,
Erik Svendsen
www.linnearad.no