wiki.python.org compromised
| From: | Brian Curtin <brian-AT-python.org> | |
| To: | "python-announce-list-AT-python.org" <python-announce-list-AT-python.org> | |
| Subject: | FYI - wiki.python.org compromised | |
| Date: | Mon, 7 Jan 2013 23:38:49 -0600 | |
| Message-ID: | <CAD+XWwrL+Zs8_TAmK-17A3tJdaZx2d=kUfcpTG1QwT37B-P=sQ@mail.gmail.com> |
On December 28th, an unknown attacker used a previously unknown remote code exploit on http://wiki.python.org/. The attacker was able to get shell access as the "moin" user, but no other services were affected. Some time later, the attacker deleted all files owned by the "moin" user, including all instance data for both the Python and Jython wikis. The attack also had full access to all MoinMoin user data on all wikis. In light of this, the Python Software Foundation encourages all wiki users to change their password on other sites if the same one is in use elsewhere. We apologize for the inconvenience and will post further news as we bring the new and improved wiki.python.org online. If you have any questions about this incident please contact jnoller@python.org. Thank you for your patience. -- http://mail.python.org/mailman/listinfo/python-announce-list Support the Python Software Foundation: http://www.python.org/psf/donations/
Posted Jan 8, 2013 21:30 UTC (Tue)
by amarao (guest, #87073)
[Link] (1 responses)
Most of them are alive. And list is pretty serious: Apache, Ubuntu, Mercurial, Baazar, CAcert.org, WireShark, Squid, CouchDB, SpamAssasin, Gnome Live, Wine, X.org, GRUB, CentOS, Arch, FreeBSD, OpenWRT, freedesktop.org, GCC...
Posted Jan 8, 2013 22:30 UTC (Tue)
by pboddie (guest, #50784)
[Link]
Not that this helps anyone who migrated to Moin 1.9, of course, but those of us who drag our feet and belatedly upgrade only when necessary may still be running Moin 1.8 despite it now being more or less at the end of its support lifecycle.
wiki.python.org compromised
wiki.python.org compromised