Re: [Wine] WineHQ database compromise

2011-10-13 Thread Marcus Meissner
On Thu, Oct 13, 2011 at 10:23:58AM +0200, Maarten Lankhorst wrote: > Hey, > > On 10/12/2011 12:46 AM, Josh Juran wrote: > > On Oct 11, 2011, at 3:37 PM, Conan Kudo (ニール・ゴンパ) wrote: > > > >> On Tue, Oct 11, 2011 at 3:39 PM, Josh Juran wrote: > >> > >>> Since bugzilla passwords were sent in clearte

Re: [Wine] WineHQ database compromise

2011-10-13 Thread Maarten Lankhorst
Hey, On 10/12/2011 12:46 AM, Josh Juran wrote: > On Oct 11, 2011, at 3:37 PM, Conan Kudo (ニール・ゴンパ) wrote: > >> On Tue, Oct 11, 2011 at 3:39 PM, Josh Juran wrote: >> >>> Since bugzilla passwords were sent in cleartext anyway, I sincerely hope >>> none of them were otherwise valuable. (Remember F

Re: WineHQ database compromise

2011-10-12 Thread GOUJON Alexandre
On 10/11/2011 09:13 PM, Jeremy White wrote: I am sad to say that there was a compromise of the WineHQ database system. "Nothing Is Invulnerable" So, now or later, your system will be compromised. The only thing you have to do is to be prepared to face an incident and of course secure your syste

Re: [Wine] WineHQ database compromise

2011-10-11 Thread Josh Juran
On Oct 11, 2011, at 3:54 PM, Conan Kudo (ニール・ゴンパ) wrote: > 2011/10/11 Josh Juran > >> To clarify, your browser sends your password to bugzilla in cleartext, since >> HTTPS isn't an option. > > Shouldn't it be possible to modify the login environment so that a salted > hash of the password is

Re: [Wine] WineHQ database compromise

2011-10-11 Thread ニール・ゴンパ
2011/10/11 Josh Juran > On Oct 11, 2011, at 3:37 PM, Conan Kudo (ニール・ゴンパ) wrote: > > > On Tue, Oct 11, 2011 at 3:39 PM, Josh Juran wrote: > > > >> Since bugzilla passwords were sent in cleartext anyway, I sincerely hope > none of them were otherwise valuable. (Remember FireSheep?) > > > > Wait,

Re: [Wine] WineHQ database compromise

2011-10-11 Thread Austin English
2011/10/11 Josh Juran : > On Oct 11, 2011, at 3:37 PM, Conan Kudo (ニール・ゴンパ) wrote: > >> On Tue, Oct 11, 2011 at 3:39 PM, Josh Juran wrote: >> >>> Since bugzilla passwords were sent in cleartext anyway, I sincerely hope >>> none of them were otherwise valuable.  (Remember FireSheep?) >> >> Wait, w

Re: [Wine] WineHQ database compromise

2011-10-11 Thread Josh Juran
On Oct 11, 2011, at 3:37 PM, Conan Kudo (ニール・ゴンパ) wrote: > On Tue, Oct 11, 2011 at 3:39 PM, Josh Juran wrote: > >> Since bugzilla passwords were sent in cleartext anyway, I sincerely hope >> none of them were otherwise valuable. (Remember FireSheep?) > > Wait, what? Bugzilla sends passwords i

Re: [Wine] WineHQ database compromise

2011-10-11 Thread ニール・ゴンパ
On Tue, Oct 11, 2011 at 3:39 PM, Josh Juran wrote: > On Oct 11, 2011, at 12:13 PM, Jeremy White wrote: > > > Unfortunately, the attackers were able to download the full login > > database for both the appdb and bugzilla. This means that they have all > > of those emails, as well as the passwords

Re: WineHQ database compromise

2011-10-11 Thread Jeremy White
> Almost 2 years ago I sent you an email privately about a security > hole with the database. To be exact, the date of the email is Wed, > Jul 29, 2009, 12:00 AM (GMT +02:00). I guess that's probably the same > trick the bad guys have used... Hmm. I can't find any such email in my archives

Re: WineHQ database compromise

2011-10-11 Thread Matijn Woudt
On Tue, Oct 11, 2011 at 9:13 PM, Jeremy White wrote: > Hi, > > I am sad to say that there was a compromise of the WineHQ database system. > > What we know at this point is that someone was able to obtain unauthorized > access to the phpmyadmin utility. We do not know exactly how they obtained > access; i

Re: [Wine] WineHQ database compromise

2011-10-11 Thread Josh Juran
On Oct 11, 2011, at 12:13 PM, Jeremy White wrote: > What we know at this point is that someone was able to obtain unauthorized > access to the phpmyadmin utility. We do not know exactly how they obtained > access; it was either by compromising an admin's credentials, or by > exploiting an unpatched vulner

Re: WineHQ database compromise

2011-10-11 Thread Per Johansson
On Tue, Oct 11, 2011 at 9:13 PM, Jeremy White wrote: > Hi, > > I am sad to say that there was a compromise of the WineHQ database system. > Hi, one question. I'm not worried about my current account, but I had an old email with an old password recorded in my keychain store. I tried that email a

Re: WineHQ database compromise

2011-10-11 Thread Jerome Leclanche
On Tue, Oct 11, 2011 at 8:46 PM, Jerome Leclanche wrote: > Thank you so much for letting the users know so early on. > > Bugzilla/forum passwords should probably be reset as well for appdb > users, there's no doubt most people share passwords with the appdb. > > On Tue, Oct 11, 2011 at 8:13 PM, Je

Re: WineHQ database compromise

2011-10-11 Thread Nicolas Le Cam
2011/10/11 Jerome Leclanche : > Thank you so much for letting the users know so early on. > > Bugzilla/forum passwords should probably be reset as well for appdb > users, there's no doubt most people share passwords with the appdb. > > On Tue, Oct 11, 2011 at 8:13 PM, Jeremy White wrote: >> Hi, >>

Re: WineHQ database compromise

2011-10-11 Thread Maarten Lankhorst
Hey everyone, On 10/11/2011 09:13 PM, Jeremy White wrote: > Hi, > > I am sad to say that there was a compromise of the WineHQ database system. > > What we know at this point is that someone was able to obtain unauthorized > access to the phpmyadmin utility. We do not know exactly how they obtained > acce

Re: WineHQ database compromise

2011-10-11 Thread Jerome Leclanche
Thank you so much for letting the users know so early on. Bugzilla/forum passwords should probably be reset as well for appdb users, there's no doubt most people share passwords with the appdb. On Tue, Oct 11, 2011 at 8:13 PM, Jeremy White wrote: > Hi, > > I am sad to say that there was a compro

WineHQ database compromise

2011-10-11 Thread Jeremy White
Hi, I am sad to say that there was a compromise of the WineHQ database system. What we know at this point is that someone was able to obtain unauthorized access to the phpmyadmin utility. We do not know exactly how they obtained access; it was either by compromising an admin's credentials, or by exploiti