Pereiti prie turinio

Drupal.org - nulaužtas

Nenuspejamas

Sukūrė Nenuspejamas
Tinklalapių kūrimas

 Dalintis Sekėjai 1

Rekomenduojami pranešimai

Nenuspejamas

Nenuspejamas 346

Sukurta
Sukurta

Tai va nulaužė vieną iš didžiausių Open source TVS puslapių DRUPAL.

 

Another day, another big site hacked. 2013 really just hasn’t been a good year for web security.

 

This time around, the site writing the email that noone wants to write is Drupal.org, home of the popular content management platform, Drupal. Though no exact number was shared, it appears that nearly one million user accounts are affected.

 

Also affected are the user accounts of groups.drupal.org, a sub-site meant to help Drupal users establish meetup groups in the real world.

 

Word of the break-in went out this evening, when Drupal began to email affected users.

 

In an FAQ about the hack on their site, Drupal says that they currently have no idea who might be behind the attack. So far, it seems like the hackers had access to usernames, email addresses, and hashed passwords.

 

As is par for the course at this point, Drupal has immediately reset the passwords for every user in the system. If you’re one of the million-or-so users on Drupal.org, you’ll need to confirm your email and pick a new password before regaining access.

 

While you’re at it, you’ll probably want to change your password on any sites where you’ve used a password similar to the one you might’ve used on Drupal.org. While Drupal seems to have done a pretty good job of ensuring that passwords were stored safely (most were both salted and given multiple passes through a hash filter), it’s just good practice. You’d be surprised at how insanely fast password cracking has become.

 

It’s important to note that this hack affects Drupal.org, the website itself, and is not the result of a vulnerability in Drupal, the CMS. In other words: if you’ve got a Drupal-powered site, don’t freak out. According to Drupal Executive Director Holly Ross, the hackers gained access through an exploit in an unnamed third-party tool that Drupal.org was running on their server.

 

Also important to note: Drupal says they store no credit card details on their servers, but they’re still making sure there wasn’t any malicious code put in place to quietly intercept’em without them noticing. They’re recommending that anyone who’s made a transaction on Drupal.org keeps an eye on their statements, just in case.

 

 

http://techcrunch.com/2013/05/29/drupal-org-hacked-user-details-exposed-and-reset/

Nuoroda į pranešimą
Dalintis kituose puslapiuose

Prisijunkite prie diskusijos

Jūs galite rašyti dabar, o registruotis vėliau. Jeigu turite paskyrą, prisijunkite dabar, kad rašytumėte iš savo paskyros.

Svečias
Parašykite atsakymą...

×   Įdėta kaip raiškusis tekstas.   Atkurti formatavimą

  Only 75 emoji are allowed.

×   Nuorodos turinys įdėtas automatiškai.   Rodyti kaip įprastą nuorodą

×   Jūsų anksčiau įrašytas turinys buvo atkurtas.   Išvalyti redaktorių

×   You cannot paste images directly. Upload or insert images from URL.

Įkraunama...
×
 Dalintis
Sekėjai 1
Eiti į temų sąrašą

  • Dabar naršo   0 narių

    Nei vienas registruotas narys šiuo metu nežiūri šio puslapio.

  • Prisijunk prie bendruomenės dabar!

    Uždarbis.lt nariai domisi verslo, IT ir asmeninio tobulėjimo temomis, kartu sprendžia problemas, dalinasi žiniomis ir idėjomis, sutinka būsimus verslo partnerius ir dalyvauja gyvuose susitikimuose.

    Užsiregistruok dabar ir galėsi:

    ✔️ Dalyvauti diskusijose;

    ✔️ Kurti naujas temas;

    ✔️ Rašyti atsakymus;

    ✔️ Vertinti kitų žmonių pranešimus;

    ✔️ Susisiekti su bet kuriuo nariu asmeniškai;

    ✔️ Naudotis tamsia dizaino versija;

    ir dar daugiau.

    Registracija trunka ~30 sek. ir yra visiškai nemokama.

  • Naujausios temos

  • Karštos temos

×
×
  • Pasirinkite naujai kuriamo turinio tipą...