From: Kevan Miller
Subject: Fwd: [NOTICE] compromised jira passwords
Date: Mon, 12 Apr 2010 09:37:43 -0400
To: Geronimo Dev, user@geronimo.apache.org

All,

Please note the following and take action as appropriate.

--kevan

Begin forwarded message:

> From: Joe Schaefer <joe_schaefer@yahoo.com>
> Date: April 10, 2010 1:24:14 PM EDT
> To: community@apache.org
> Subject: [NOTICE] compromised jira passwords
> Reply-To: community@apache.org
>
> Hello Apache community@ [1],
>
> As you are probably aware we have been working to restore services
> that have been compromised by a very targeted attack against Apache's
> jira installation. The good news is that jira is back online, with
> bugzilla and confluence soon to follow [2]. The bad news is that the
> hacker was able to rejigger jira's code to sniff any cookies and
> passwords sent to the server between April 6 and April 9. If you
> used jira at all this week, including via IDEs that interface via
> SOAP, it is IMPERATIVE that you take time to immediately reset your
> jira password, and possibly your ldap password if those match up.
> If you have admin privs in jira your password was reset by us, so
> you'll need to use the password reset form in jira to regain access.
>
> To have a reset password mailed to your contact information in jira,
> visit
>
> https://issues.apache.org/jira/secure/ForgotPassword!default.jspa
>
> When you do log in to jira be sure to double-check your contact info.
>
> To change your ldap password log in to people.apache.org and run
> /usr/sbin/passwd, or else visit https://svn.apache.org/change-password .
>
> Thanks for your patience and diligence in this matter. A blog post
> will be forthcoming which will provide details of the attack and
> what we have done to mitigate future hack attempts.
>
>
> [1] feel free to forward this note to any other apache mailing list,
> public or private.
>
> [2] at this time we do not believe the hacker compromised the confluence
> and bugzilla installs, but we are awaiting confirmation from our admins
> before bringing those back online.