homepage Welcome to WebmasterWorld Guest from 54.204.64.152
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Accredited PayPal World Seller

Home / Forums Index / Code, Content, and Presentation / Content Management
Forum Library, Charter, Moderators: ergophobe

Content Management Forum

    
Change your drupal.org passwords
JohnRoy




msg:4579254
 11:33 pm on May 29, 2013 (gmt 0)

Unauthorized access to account information was discovered on Drupal.org and groups.drupal.org.

From drupal.org/news/130529SecurityUpdate

What happened?

Malicious files were placed on association.drupal.org servers via a third-party application used by that site. Upon discovering the files during a security audit, we shut down the association.drupal.org website to mitigate any possible ongoing security issues related to the files. The Drupal Security Team then began forensic evaluations and discovered that user account information had been accessed via this vulnerability.

 

ergophobe




msg:4579305
 3:32 am on May 30, 2013 (gmt 0)

Thanks for the heads up - this is why I use random auto-generated passwords on most sites. If someone cracks my password, it's only for one site.

explorador




msg:4579506
 3:19 pm on May 30, 2013 (gmt 0)

Thanks, I got the email.

I understand the problem is not related to Drupal but to the accounts we might have at Drupal.org, so Drupal installs are safe as yesterday or a week ago.

incrediBILL




msg:4579526
 3:52 pm on May 30, 2013 (gmt 0)

Oh look, they're jealous of all the WordPress hacks and had to go get one for themselves!

rollinj




msg:4579560
 5:54 pm on May 30, 2013 (gmt 0)

@ergophobe you and me both, buddy!

ergophobe




msg:4579738
 6:09 am on May 31, 2013 (gmt 0)

"Drupal installs are safe"

True, this is not news about a vulnerability in Drupal per se, but that does not imply that Drupal installs are safe or unsafe, merely that the Drupal.org website got hacked in some unknown way.

As in "Bob crashed his Ford because he was drunk, so my car is safe." Maybe, maybe not ;-)

4serendipity




msg:4580402
 8:26 pm on Jun 2, 2013 (gmt 0)

I understand the problem is not related to Drupal but to the accounts we might have at Drupal.org, so Drupal installs are safe as yesterday or a week ago.


One thing that I really like about drupal is how well the security team and other members of the community communicate issues.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Content Management
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved