Thanks for letting us know. The website has gone through several server migrations and I guess at some point cgi-bin became visible. I’ve taken cgi-bin offline to assess the damage. So far it looks like the email addresses and hashed passwords of accounts in the old FAQ-O-Matic have been leaked. Since I was moving away from using the FOM anyway, I’ll shut it down and sent out a warning notice to those FOM users.
From: Dillon Beresford Sent: Sunday, April 10, 2011 3:49 AM To: [email protected] Cc: Jeffrey Walton Subject: CryptoPP cgi-bin/ visible to world. Hi Wei/Jeff/All, The cgi-bin/ index is visible on http://www.cryptopp.com, Wei, you might want take a look at your server... Also the form-meta/ directory inside cgi-bin/ is visible as well. I just noticed this when searching for some CryptoPP documentation on the site which redirected me to the directory. This dosesnt look good man... http://www.cryptopp.com/cgi-bin/fom-meta/ http://www.cryptopp.com/cgi-bin/fom-meta/cookies http://www.cryptopp.com/cgi-bin/fom-meta/idfile Best, -Dillon Beresford -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com. -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com.
