[TYPO3-english] TYPO3.ORG hacked
erik at linnearad.no
Sun Nov 16 13:58:53 CET 2008
You have my support!

For instance, MD5 hashes aren't secure at all. Every MD5-hashed password with
fewer than 6-7 characters is insecure (the hash -> password is known).
Security is much more than hashing of passwords; as long as information is
sent in plaintext, you can't talk about real security.

A website isn't insecure if the only information which is possible to get
hold of is information which is publicly accessible, even if it's a site where
you have to log in to post anything. If you are using the same password on websites
where security is important or on shell accounts, it's not the websites
but yourself that makes a security risk.

TYPO3 isn't more or less insecure than other CMSs, even if others have MD5
hash as default. Different websites could be more or less secure, whatever
CMS is used, depending on the overall security of the implementation and
the CMS. If you are using a two-year-old version of any CMS, you are probably
a security risk whatever.

> Andreas Becker wrote:
>> Simply make the highest standards of security the TYPO3 standard and
>> don't ask if someone wants a less secure one. If they want to change
>> it to insecure it will be their fault if they get hacked and not the
>> one of an insecure TYPO3.
> What I dislike in such posts is that they use words like 'insecure'
> without understanding what they claim by using such words. This makes
> a lot of damage to TYPO3. Much more damage than the original
> incident. Irresponsible posts, like yours, are bad.
>> Same is to Silverstripe, Magento, CMSMS and many more high class CMS.
>> They simply try to provide the highest standard in password and login
>> security just from scratch when you start installing your site - WHY
>> NOT TYPO3?
> Where is your patch? Everyone can shout and scream. It is easy.
> Instead, do something useful and make a patch. If you can't — don't
> shout because it is useless.