oodt-dev mailing list archives

From "Mattmann, Chris A (388J)" <chris.a.mattm...@jpl.nasa.gov>
Subject FW: [NOTICE] compromised jira passwords
Date Mon, 12 Apr 2010 13:58:58 GMT
FYI passing this along...

Chris Mattmann, Ph.D.
Senior Computer Scientist
NASA Jet Propulsion Laboratory Pasadena, CA 91109 USA
Office: 171-266B, Mailstop: 171-246
Email: Chris.Mattmann@jpl.nasa.gov
WWW:   http://sunset.usc.edu/~mattmann/
Adjunct Assistant Professor, Computer Science Department
University of Southern California, Los Angeles, CA 90089 USA

------ Forwarded Message
From: Kevan Miller <kevan.miller@gmail.com>
Reply-To: <sis-dev@incubator.apache.org>
Date: Mon, 12 Apr 2010 06:40:49 -0700
To: <aries-dev@incubator.apache.org>, <bval-dev@incubator.apache.org>, <sis-dev@incubator.apache.org>,
<imperius-dev@incubator.apache.org>, <vcl-dev@incubator.apache.org>, <wink-dev@incubator.apache.org>
Subject: Fwd: [NOTICE] compromised jira passwords

Apologies for the cross post, want to be sure the word gets out to my incubator projects...

If you aren't subscribed to community@apache, you should be. If you aren't subscribed, please
note the following information and take action, if needed.


Begin forwarded message:

> From: Joe Schaefer <joe_schaefer@yahoo.com>
> Date: April 10, 2010 1:24:14 PM EDT
> To: community@apache.org
> Subject: [NOTICE] compromised jira passwords
> Reply-To: community@apache.org
>
> Hello Apache community@ [1],
>
> As you are probably aware we have been working to restore services
> that have been compromised by a very targeted attack against Apache's
> jira installation.  The good news is that jira is back online, with
> bugzilla and confluence soon to follow [2].  The bad news is that the
> hacker was able to rejigger jira's code to sniff any cookies and
> passwords sent to the server between April 6 and April 9.  If you
> used jira at all this week, including via IDEs that interface via
> SOAP, it is IMPERATIVE that you take time to immediately reset your
> jira password, and possibly your ldap password if those match up.
>
> If you have admin privs in jira your password was reset by us, so
> you'll need to use the password reset form in jira to regain access.
> To have a reset password mailed to your contact information in jira,
> visit
>
> https://issues.apache.org/jira/secure/ForgotPassword!default.jspa
>
> When you do log in to jira be sure to double-check your contact info.
> To change your ldap password log in to people.apache.org and run
> /usr/sbin/passwd, or else visit https://svn.apache.org/change-password .
>
> Thanks for your patience and diligence in this matter.  A blog post
> will be forthcoming which will provide details of the attack and
> what we have done to mitigate future hack attempts.
>
> [1] feel free to forward this note to any other apache mailing list,
> public or private.
>
> [2] at this time we do not believe the hacker compromised the confluence
> and bugzilla installs, but we are awaiting confirmation from our admins
> before bringing those back online.

------ End of Forwarded Message
