donators

n@work Internet Informationssysteme GmbH
Your ad here

sponsors

TYPO3 Blog
TYPO3 Anbieter

My iPhone Apps


Get PwGen now for FREE in AppStore

Get PwGen Pro in AppStore

support @ Amazon

If you like to support this site and you want to by something at Amazon, please use this link for purchasing your desired items. This does not cost you anything more than the normal price but I got a small revenue from your order.
Thank you!

Advertising

print page print page

typo3.org password leaked - CHANGE YOUR PASSWORDS

By: Thomas

14.11.08 13:40 Age: 54 days

Hello,

An unauthorized person gained administrative access to typo3.org backend due to a weak password of one of the backend users. The backend was NOT hacked as I wrote before.

All accounts are currently locked. Because of the single sign on solution, this also affects forge and bugs and some other domains. It's highly recommend to change all your passwords that might be similar to the password you used as your typo3.org account. To make it clear! This affects ALL frontend user accounts. Not only the backend users!

It's a really bad situation and even if the passwords where stored a md5 hashes. If you have very simple passwords (a single word for example) it is possible to get your password from a dictionary for example! So once again: 

CHANGE YOUR PASSWORDS IF THEY ARE SIMILAR TO THE TYPO3.ORG FE ACCOUNT!

 

Greets,
Thomas

 


Please leave a comment

Back to: Blog

2 Responses to “typo3.org password leaked - CHANGE YOUR PASSWORDS”

#1: Juergen Egeling commented on Saturday, 15-11-08 17:38

Gravatar: Juergen Egeling

Hi,
as far as we investigated, typo3.org was not hacked, but one password was exposed, and a person not allowed to use the backend was using a backend login. I recommend reading http://en.wikipedia.org/wiki/Social_engineering_(computer_security) and http://en.wikipedia.org/wiki/Password_policy (do not have the same pasword on two websites.)
best
Juergen


#2: Thomas commented on Saturday, 15-11-08 21:00

Gravatar: Thomas

Hi Jürgen,

yes you're right. The page was actually not hacked and I used an inappropriate wording. Changed that.

Greets,
Thomas


Leave a Reply

You have to activate JavaScript to post comments!

Calendar

November 2008
M T W T F S S
« Oct   Jan »
 12
3456789
10111213141516
17181920212223
24252627282930

Tagcloud

page t3editor web TYPO3 development installer personal podcast community t3board

Latest comments

  • Anoop

    Thomas, Looking forward to it and like Mario said if you need a beta tester I sign up too! Cheers.

  • Mario Rimann

    Hi Thomas Sounds great, that you'll keep the site up and running! I use it pretty often to look ...

  • Thomas Hempel

    Hi Klaus, sorry, but you're a a few weeks too late. ;-) Greets, Thomas...

  • Klaus

    Hi, great idea, i am using the great app, but now i need a license... Thanks a lot

  • John Smyth

    How do we get a copy of this, I have been watching the t3con mailing list but no links have appeared...

Blogroll

Advertising

Meta







Valid XHTML 1.0 Strict
Valid CSS!