
Forum Moderators: ergophobe


Change your drupal.org passwords

     

JohnRoy

11:33 pm on May 29, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Unauthorized access to account information was discovered on Drupal.org and groups.drupal.org.

From drupal.org/news/130529SecurityUpdate

What happened?

Malicious files were placed on association.drupal.org servers via a third-party application used by that site. Upon discovering the files during a security audit, we shut down the association.drupal.org website to mitigate any possible ongoing security issues related to the files. The Drupal Security Team then began forensic evaluations and discovered that user account information had been accessed via this vulnerability.

ergophobe

3:32 am on May 30, 2013 (gmt 0)

WebmasterWorld Administrator ergophobe is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Thanks for the heads up - this is why I use random auto-generated passwords on most sites. If someone cracks my password, it's only for one site.

explorador

3:19 pm on May 30, 2013 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



Thanks, I got the email.

I understand the problem is not related to Drupal but to the accounts we might have at Drupal.org, so Drupal installs are safe as yesterday or a week ago.

incrediBILL

3:52 pm on May 30, 2013 (gmt 0)

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Oh look, they're jealous of all the WordPress hacks and had to go get one for themselves!

rollinj

5:54 pm on May 30, 2013 (gmt 0)

5+ Year Member



@ergophobe you and me both, buddy!

ergophobe

6:09 am on May 31, 2013 (gmt 0)

WebmasterWorld Administrator ergophobe is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



"Drupal installs are safe"

True, this is not news about a vulnerability in Drupal per se, but that does not imply that Drupal installs are safe or unsafe, merely that the Drupal.org website got hacked in some unknown way.

As in "Bob crashed his Ford because he was drunk, so my car is safe." Maybe, maybe not ;-)

4serendipity

8:26 pm on Jun 2, 2013 (gmt 0)

10+ Year Member



"I understand the problem is not related to Drupal but to the accounts we might have at Drupal.org, so Drupal installs are safe as yesterday or a week ago."


One thing that I really like about Drupal is how well the security team and other members of the community communicate issues.
 
