http://www.perlmonks.org?node_id=784217


in reply to Re: It's Time for Everyone to Change Passwords!
in thread It's Time for Everyone to Change Passwords!

The site is 404 now and I found only one public mirror so far.
However, the hack is a few months old already: Fri Apr 15 13:34:52 2005
BTW, interesting new user: 784161

Update: while the date was wrong (can't believe I misread this), the hack is still a few months old.

Re^3: It's Time for Everyone to Change Passwords!
by OverlordQ (Hermit) on Jul 29, 2009 at 18:05 UTC
    That particular output of uname is the kernel version, i.e. when it was compiled. uname doesn't output the current date.
Re^3: It's Time for Everyone to Change Passwords!
by ELISHEVA (Prior) on Jul 29, 2009 at 17:29 UTC

    Please note: The April 15, 2005 date is the output of a uname command. The list of saints includes users who did not exist in 2005 and/or people who were only added to the Saints list at the end of April, 2009. This is a recent hack.

    Best, beth

Re^3: It's Time for Everyone to Change Passwords!
by tirwhan (Abbot) on Jul 29, 2009 at 12:27 UTC
    however the hack is a few months old already : Fri Apr 15

    I'm guessing, but from comments in the CB I've gathered that the server that was hacked was an old machine, which is still up but no longer in active use. So the hack might very well be more recent, with only older information being disclosed.


    All dogma is stupid.
      The info might be old, but I guess most people don't change their passwords every few months, so most of those passwords might be working.
        so most of those passwords might be working

        Oh yeah, absolutely. And even if someone has changed their password between Apr. 15th and now they should still change it again now (and probably again after the gods declare the crisis to be over) just to be sure.

        I just mentioned this (i.e. the date of the information not necessarily indicating when the hack occurred) to prevent a false sense of security (as in "Oh well, nothing bad has happened since April so I guess it's ok").


        All dogma is stupid.
Re^3: It's Time for Everyone to Change Passwords!
by clintp (Curate) on Jul 30, 2009 at 16:32 UTC
    It's still out there, now mirrored in several places (not by me, but others). Since PerlMonks is still up and running, some must think there are no risks remaining. In the interest of full disclosure, here's the *TEXT ONLY* of the posting:
    There is a really simple reason we owned PerlMonks: we couldn't resist more than 50,000 unencrypted programmer passwords.

    That's right, unhashed. Just sitting in the database. From which they save convenient backups for us.

    Believe it or not, there is actually debate at perlmonks about whether or not this is a good idea. Let's just settle the argument right now and say it was an idea that children with mental disabilities would be smart enough to scoff at. We considered patching this for you but we were just too busy and lazy. I'm sure you can figure it out yourselves.

    This isn't a bad set of passwords, either. Programmers have access to interesting things. These Perl guys are alright, just a little dumb apparently. A lot of them reuse. You can explore them yourselves, I really do not want to point out anyone in particular.

    ...

    In case you guys are worried, we did NOT backdoor dozens of your public Perl projects. Honest. Why would we want to do that?

    Not worth our time ;)