PerlMonks  

Re: What happened?

by rowdog (Curate)
on Jul 30, 2009 at 09:35 UTC (#784547=note)


in reply to What happened?

zf0 is what happened to us. The cat's already out of the bag so go read zf05 for yourself.

At least they kind of like us...

In case you guys are worried, we did NOT backdoor dozens of your public Perl projects. Honest. Why would we want to do that?
Not worth our time ;)

Ah well, live and learn I guess.

Re^2: What happened?
by Yary (Pilgrim) on Jul 30, 2009 at 18:19 UTC
    Thanks for the link to a copy of the haxor's newsletter.
    There is a really simple reason we owned PerlMonks: we couldn't resist more than 50,000 unencrypted programmer passwords.

    That's right, unhashed. Just sitting in the database. From which they save convenient backups for us.

    Believe it or not, there is actually debate at perlmonks about whether or not this is a good idea. Let's just settle the argument right now and say it was an idea that children with mental disabilities would be smart enough to scoff at. We considered patching this for you but we were just too busy and lazy. I'm sure you can figure it out yourselves.

    This isn't a bad set of passwords, either. Programmers have access to interesting things. ...

    And they also published that server's private ssh key, so that might be used to compromise other servers that trust it (depending on their config). And they published that server's password hashes, which are subject to a brute force attack.

    I'm shocked this site hasn't gone off-line for housecleaning. Bad enough to be hacked, glad there's a homepage announcement. Would like to see more repairs. Would like an announcement about how the original exploit, and how subsequent vulnerabilities caused by the info liberated during the breach, have been addressed.

    The one time I suspected a server had been hacked- didn't even have firm proof, just a good hunch- I took it off line, wiped the drive, re-installed the OS from CDs, gave all users new passwords, and restored the scripts/executables from known good sources and the data from backups. Pain in the buttocks but it had to be done. That was a small machine with half a dozen users and I know this site is much much bigger and thus more of an issue to take off-line, but please, it has to be done.
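The plaintext table the newsletter describes, beside the salted slow-hash form it should have been in, as an added Python example that is not part of this thread or of PerlMonks' own (Perl) code. The usernames, passwords and PBKDF2 work factor are constructed assumptions; `migrate_plaintext_table` is the one-off rehash a site in this position would run over its existing rows.

```python
import hashlib
import hmac
import os

# Work factor for PBKDF2-HMAC-SHA256. Assumption: chosen so that one check is
# slow enough to blunt offline guessing against a leaked table without making
# logins noticeably slow; raise it as hardware improves.
PBKDF2_ROUNDS = 100_000

# Constructed sample of the kind of table the newsletter describes: usernames
# mapped to plaintext passwords. These are made-up values, not real data.
PLAINTEXT_USERS = {
    "monk_a": "monastery-pass-1",
    "monk_b": "monastery-pass-1",   # same password as monk_a, on purpose
    "monk_c": "another-secret-42",
}


def hash_password(password: str) -> str:
    """Return a self-describing record: algorithm$rounds$salt_hex$hash_hex.

    A fresh 16-byte random salt means two users with the same password get
    different records, so a leaked table cannot be cracked in one pass.
    """
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return f"pbkdf2_sha256${PBKDF2_ROUNDS}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash from the stored salt/rounds and compare in constant time."""
    try:
        algo, rounds, salt_hex, hash_hex = stored.split("$")
        salt, n = bytes.fromhex(salt_hex), int(rounds)
    except ValueError:
        return False  # malformed record: never treat as a match
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, n)
    return hmac.compare_digest(dk.hex(), hash_hex)


def migrate_plaintext_table(rows: dict) -> dict:
    """Rehash every row of a plaintext table; the plaintext does not survive the migration."""
    return {user: hash_password(pw) for user, pw in rows.items()}
```

After migration a database dump yields only salted hashes, so an attacker holding it must guess each user's password separately at the full PBKDF2 cost instead of reading it off the table.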

Re^2: What happened?
by dws (Chancellor) on Jul 30, 2009 at 18:27 UTC

    ... we did NOT backdoor dozens of your public Perl projects. Honest. Why would we want to do that?

    There's more than a bit of wiggle room in that statement. Would PerlMonks.org code be considered a public project?
