Freedesktop.org returns to the net
Posted Nov 24, 2004 9:13 UTC (Wed) by Cato (subscriber, #7643)
Parent article: Freedesktop.org returns to the net
The recent vulnerability in TWiki was a serious one, and quite a few sites have unfortunately been compromised, though those who patched their sites in time have not been.
The TWiki developers were notified of the vulnerability on 12th November, and the security alert email went out on the same day, including a patch to fix the hole and referencing the alert page that went up shortly after. You can check the history of that page using the Total Page History on the bottom of the page. I'm not sure when Freedesktop.org checked the TWiki site - it's possible the exploit was in the wild before the TWiki developers were notified, but from 13th November the alert information was there.
The TWiki community is discussing how best to deliver security alerts to administrators (probably via a low-volume security alert list) as part of an improved TWiki security alert process. The main problem with this hole has been notifying administrators in a low-volume way (we already have quite a high volume email list of changes to TWiki.org pages).
Disclosure: As you may have guessed, I'm one of the TWiki developers.