[TYPO3-english] Is TER safe after hacking of typo3.org?
ries van Twisk
typo3 at rvt.dds.nl
Wed Nov 26 00:28:30 CET 2008
On Nov 25, 2008, at 4:57 PM, Jan Loderhose wrote:
> hi folks,
>
> my question is basically directed at members of the core team but
> maybe there
> are some people out there interested in the anwser, so i post the
> following on
> the list.
>
> well, its been some time, since the accounts of typo3.org and forge
> users were
> disabled due to a lame admin password ... (enough arguing on that)
>
> since that day me and some other typo3-guys wonder if any other data
> could be
> corrupted due to that incident. how about importing extensions from
> ter?
> was there any analysis concerning injections of bad code into
> extensions sources?
>
> i ask since md5-hashes are easily manipulable as well as file
> modification
> dates, so it won't prove anything, if there hasn't been any
> indication for
> alterations via simply checking data integrity.
> has anyone ever gone into a deeper research?
>
> maybe i missed a thread on this topic. in that case i'd appreciate a
> hint on the
> date and subject, so i may read it ex post.
>
> to make this plain: my questions are not meant as a rampage, but i
> long for an
> official statement from an association member.
>
> cheers and thanks,
>
> jan
Jan,
I think we need to wait for an official statement before we can go
ahead, only
then we know for 100% sure that we are safe.
Ries
More information about the TYPO3-english
mailing list