[TYPO3-english] TYPO3.ORG hacked

Sebastian Gebhard sg at webagentur-gebhard.de
Mon Nov 17 00:51:21 CET 2008

Xavier Perseguers schrieb:
> Steffen Gebert wrote:
>> Robert Lemke wrote:
>>>> Yes, I have! It's easy! Just sit down and think out a system for
>>>> your new passwords - e.g.
>>> Better not. I've seen pigs fly ...
>> Of course nothing is 100% secure.. but it's IMHO much better than 
>> one-for-all.
>> Furthermore I prefer keeping passwords in mind and not to rely on a 
>> tool, which I don't have with me, when I need to login from a foreign PC.
> Do you know keepass portable edition? :-)

I did use some kind of general password on typo3.org. I opened my list 
of saved passwords in firefox and it gave me a list of sites where I 
used this. It took me 2 hours to get through all these sites and change 
my data (however I found a few sites that were cool to be reminded of).
Now every login has a different password with a length of 20 characters, 
except the login for my OpenID-Provider which contains 22 characters 
(just for fun, i know 20 is enough).

KeePass helped me a lot.

Maybe it's odd to say that but it was good that it was typo3.org that 
was hacked because I'm sure not every site would have been so 
transparent and quick. Imagine the attacker had a week time. Just him a 
few hundred user/password sets and some pizza - he could have done 
enourmos damage to people like me that used to be too careless.

More information about the TYPO3-english mailing list