An analysis of Debian wiki security breach
An analysis of Debian wiki security breach
[Distributions] Posted Jan 7, 2013 15:26 UTC (Mon) by corbet
The Debian project disclosed that the
security of its wiki system had been compromised. An analysis of that
compromise and its implications has now been posted. "We have
completed our audit of the original server hosting wiki.debian.org and have
concluded that the penetration did not yield escalated privileges for the
attacker(s) beyond the 'wiki' service account. That said, it is clear that
the attacker(s) have captured the email addresses and corresponding
password hashes of all wiki editors. The attacker(s) were particularly
interested in the password hashes belonging to users of Debian, Intel,
Dell, Google, Microsoft, GNU, any .gov and any .edu.
"