From: Hilmar L. <hl...@du...> - 2009-07-30 14:59:58
FYI. Has the TreeBASE code been fixed meanwhile to store passwords only encrypted so they cannot be recovered? If not, I'm inclined to ask that this be fixed before we open up the application on a NESCent server. In other words, if it hasn't been addressed yet, can we make this a priority now?

-hilmar

Begin forwarded message:

From: Chris Fields <cjf...@gm...>
Date: July 30, 2009 9:27:57 AM EDT
To: BioPerl List <bio...@li...>
Subject: [Bioperl-l] Perlmonks hacked

All,

In case there are a few users who haven't been notified, PerlMonks has been hacked rather severely:

http://perlmonks.org/

The site was unsecure; all passwords were (astonishingly) stored as plain text, are out in the open, can be easily found (I did, and no I will not point them out). If anyone has decided to use a common password for, say Perlmonks and PAUSE (or Amazon, or CitiBank, or...), make sure to change both. Also realize that PerlMonks is NOT https, and that they have NOT patched the security hole yet, so any changed password may be further compromised (don't use a common password).

In fact, your PAUSE account may be frozen already due to this:

http://use.perl.org/~Alias/journal/39372

It's hard to overstate the intense irony of all this. For some reaction:

http://perlhacks.com/2009/07/perl-monks-passwords.php
http://blog.afoolishmanifesto.com/archives/1028

<now you can smack your hand against your head in frustration>

Good luck!

chris

_______________________________________________
Bioperl-l mailing list
Bio...@li...
http://lists.open-bio.org/mailman/listinfo/bioperl-l

--
===========================================================
: Hilmar Lapp -:- Durham, NC -:- hlapp at duke dot edu :
===========================================================