Menéame: comentarios [927738] http://www.meneame.net www.meneame.nethttp://www.meneame.nethttp://cdn.mnmstatic.net/img/mnm/eli-rss.png Sitio colaborativo de publicación y comunicación entre blogs Wed, 14 Apr 2010 05:37:11 +0000 http://blog.meneame.net/ es 6090789 927738 3 cbr600f 0 7 https://www.meneame.net/story/servidor-jira-apache-hackeado-instan-cambiar-passwords-eng #3 Servidor Jira de Apache hackeado, Instan cambiar passwords [ENG] https://www.meneame.net/story/servidor-jira-apache-hackeado-instan-cambiar-passwords-eng/c03#c-3 Wed, 14 Apr 2010 05:37:11 +0000 cbr600f https://www.meneame.net/story/servidor-jira-apache-hackeado-instan-cambiar-passwords-eng/c03#c-3 #2 más bien al revés no?

» autor: cbr600f

]]> 6089996 927738 2 --1-- 0 13 https://www.meneame.net/story/servidor-jira-apache-hackeado-instan-cambiar-passwords-eng #2 Servidor Jira de Apache hackeado, Instan cambiar passwords [ENG] https://www.meneame.net/story/servidor-jira-apache-hackeado-instan-cambiar-passwords-eng/c02#c-2 Tue, 13 Apr 2010 21:14:57 +0000 --1-- https://www.meneame.net/story/servidor-jira-apache-hackeado-instan-cambiar-passwords-eng/c02#c-2 dupe: www.meneame.net/story/fundacion-apache-atacada-han-robado-contrasenas-

» autor: --1--

]]> 6088659 927738 1 cbr600f 0 7 https://www.meneame.net/story/servidor-jira-apache-hackeado-instan-cambiar-passwords-eng #1 Servidor Jira de Apache hackeado, Instan cambiar passwords [ENG] https://www.meneame.net/story/servidor-jira-apache-hackeado-instan-cambiar-passwords-eng/c01#c-1 Tue, 13 Apr 2010 16:57:42 +0000 cbr600f https://www.meneame.net/story/servidor-jira-apache-hackeado-instan-cambiar-passwords-eng/c01#c-1 Más información:

people.apache.org/~joes/jira-hacked.txt

moojix.wordpress.com/2010/04/13/jira-at-apache-org-was-hacked/

Este es el email envíado a los usuarios registrados

"Dear XXXXXX,

You are receiving this email because you have a login, 'xxxxxx', on the Apache JIRA installation, issues.apache.org/jira/

On April 6 the issues.apache.org server was hacked. The attackers were able to install a trojan JIRA login screen and later get full root access:

blogs.apache.org/infra/entry/apache_org_04_09_2010

We are assuming that the attackers have a copy of the JIRA database, which includes a hash (SHA-512 unsalted) of the password
you set when signing up as 'xxxxxxx' to JIRA. If the password you set was not of great quality (eg. based on a dictionary word), it
should be assumed that the attackers can guess your password from the password hash via brute force.

The upshot is that someone malicious may know both your email address and a password of yours.

This is a problem because many people reuse passwords across online services. If you reuse passwords across systems, we urge you to change
your passwords on ALL SYSTEMS that might be using the compromised JIRA password. Prime examples might be gmail or hotmail accounts, online
banking sites, or sites known to be related to your email's domain, gmail.com.

Naturally we would also like you to reset your JIRA password. That can be done at:

issues.apache.org/jira/secure/ForgotPassword!default.jspa?username=xxx

We (the Apache JIRA administrators) sincerely apologize for this security breach. If you have any questions, please let us know by email.
We are also available on the #asfinfra IRC channel on irc.freenode.net.

Regards,

The Apache Infrastructure Team"

» autor: cbr600f

]]>