hadoop-pig-dev mailing list archives

From Dmitriy Ryaboy <dvrya...@gmail.com>
Subject Please change your Jira passwords
Date Tue, 13 Apr 2010 06:29:51 GMT
Apache systems were attacked earlier this month; details here:


Particularly important bit:
Password Security

*If you are a user of the Apache hosted JIRA, Bugzilla, or Confluence, a
hashed copy of your password has been compromised.*

JIRA and Confluence both use a SHA-512 hash, but without a random salt. We
believe the risk to simple passwords based on dictionary words is quite
high, and most users should rotate their passwords.

Bugzilla uses a SHA-256, including a random salt. The risk for most users is
low to moderate, since pre-built password dictionaries are not effective,
but we recommend users should still remove these passwords from use.

In addition, if you logged into the Apache JIRA instance between April 6th
and April 9th, you should consider the password as compromised, because the
attackers changed the login form to log them.
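
Added example, not part of the original message or of Apache's notice: a defender-side check showing why the unsalted SHA-512 scheme is the higher-risk one (identical passwords give identical digests, so one pre-built dictionary covers every account), next to a salted digest and a salted, stretched form. The account data is constructed, and the salt layout, PBKDF2 and the round count are assumptions of this example, going beyond the two schemes the notice names.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts; two users happen to share a password.
ACCOUNTS = {"alice": "sunshine", "bob": "sunshine", "carol": "k7#Vq!x2pLm9"}

def unsalted_sha512(password):
    # Scheme the notice describes for JIRA/Confluence: SHA-512, no salt.
    return hashlib.sha512(password.encode()).hexdigest()

def salted_sha256(password, salt):
    # Salted digest in the spirit of the Bugzilla description; the exact
    # salt/password layout is an assumption of this example.
    return hashlib.sha256(salt + password.encode()).hexdigest()

def shared_digests(digests):
    # Number of distinct digests that appear for more than one account.
    return sum(1 for n in Counter(digests).values() if n > 1)

def audit(accounts):
    # Returns (shared digests without salt, shared digests with per-user salt).
    unsalted = [unsalted_sha512(p) for p in accounts.values()]
    salted = [salted_sha256(p, os.urandom(16)) for p in accounts.values()]
    return shared_digests(unsalted), shared_digests(salted)

PBKDF2_ROUNDS = 600_000  # assumed work factor for this example

def store(password):
    # Per-user random salt plus a slow KDF: every guess costs PBKDF2_ROUNDS
    # hash operations and has to be repeated for each account.
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, key

def verify(password, salt, key):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, key)  # constant-time comparison

if __name__ == "__main__":
    print("shared digests (unsalted, salted):", audit(ACCOUNTS))
    salt, key = store("sunshine")
    print("verify ok:", verify("sunshine", salt, key))
```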
