geronimo-user mailing list archives

From Kevan Miller <kevan.mil...@gmail.com>
Subject Fwd: [NOTICE] compromised jira passwords
Date Mon, 12 Apr 2010 13:37:43 GMT
All,
Please note the following and take action as appropriate.

--kevan

Begin forwarded message:

> From: Joe Schaefer <joe_schaefer@yahoo.com>
> Date: April 10, 2010 1:24:14 PM EDT
> To: community@apache.org
> Subject: [NOTICE] compromised jira passwords
> Reply-To: community@apache.org
> 
> Hello Apache community@ [1],
> 
> As you are probably aware we have been working to restore services
> that have been compromised by a very targeted attack against Apache's
> jira installation.  The good news is that jira is back online, with
> bugzilla and confluence soon to follow [2].  The bad news is that the
> hacker was able to rejigger jira's code to sniff any cookies and
> passwords sent to the server between April 6 and April 9.  If you
> used jira at all this week, including via IDEs that interface via
> SOAP, it is IMPERATIVE that you take time to immediately reset your
> jira password, and possibly your ldap password if those match up.
> If you have admin privs in jira your password was reset by us, so
> you'll need to use the password reset form in jira to regain access.
> 
> To have a reset password mailed to your contact information in jira,
> visit
> 
> https://issues.apache.org/jira/secure/ForgotPassword!default.jspa
> 
> When you do log in to jira be sure to double-check your contact info.
> 
> To change your ldap password, log in to people.apache.org and run
> /usr/sbin/passwd, or else visit https://svn.apache.org/change-password
> .
> 
> Thanks for your patience and diligence in this matter.  A blog post
> will be forthcoming which will provide details of the attack and
> what we have done to mitigate future hack attempts.
> 
> 
> [1] feel free to forward this note to any other apache mailing list,
> public or private.
> 
> [2] at this time we do not believe the hacker compromised the confluence
> and bugzilla installs, but we are awaiting confirmation from our admins
> before bringing those back online.