[TYPO3-UG Russia] Fwd: Etomite followup information

Dmitry Dulepov typo3 at fm-world.ru
Tue Jan 31 10:40:35 CET 2006


At least in TYPO3, every commit to CVS is reported to the people who need to know. So
no change will go unnoticed... Besides, there are
definite commit rules (in particular, every patch must be approved
by at least two people from the core team before it is committed), and deviating from them is
allowed only by Kasper's decision.

Dima.

Michael Shigorin wrote:
> ...phew, so it's the simpler case after all -- the developers' site got broken into,
> rather than the developers planting a backdoor themselves...
> 
> ---------- Forwarded message ----------
> 
> Hello,
> 
> I am Rick Elnor, the Etomite CMS security expert and owner of Nixbased 
> Security Consulting. I have noticed you reported the Etomite cij Variable 
> Arbitrary Command Execution Vulnerability on your website. This information 
> is not accurate.
> 
> Here's the truth: "The eto site got hacked - they downloaded the etomite 
> v0.6.0 files, and implemented a security exploit into them on the 11th of 
> January, and reuploaded to the eto server. They also did the same with the 
> RC3 files.
> 
> The RTM files have been unaffected, as they are held on the secondary eto 
> server.
> 
> If you downloaded Etomite v0.6.0 prior to the 10th of January, your etomite 
> install is safe.
> If you downloaded Etomite v0.6.0 or v0.6.1 RC3 after the 10th of January, 
> your install may be compromised and you should upgrade to the RTM 
> immediately.
> 
> The second issue (which we knew about from day 1) - which is now completely 
> irrelevant anyway (they made the code look like the "phone home" feature of 
> etomite which is why we thought the issues were related).
> What the Phone Home feature does is phone home to the etomite server and 
> tell us where you are running your etomite install ONLY if you untick the 
> License Agreement box on the login page. THIS IS THE ONLY TIME v0.6.0 SENT 
> US ANY DATA.
> 
> We no longer collect the data, as I have removed the data collection script."
> 
> The above was posted as a forum message on the Etomite forums today at this 
> location http://www.etomite.org/forums/index.php?showtopic=4291
> 
> ----- End forwarded message -----
> 


