All, you go to http://sso.ops4j.org, log in and change your passwords (I think it is the link in the upper right corner).
Lemme know if there are problems! Cheers, /peter neubauer COO and Sales, Neo Technology GTalk: neubauer.peter Skype peter.neubauer Phone +46 704 106975 LinkedIn http://www.linkedin.com/in/neubauer Twitter http://twitter.com/peterneubauer http://www.neo4j.org - Your high performance graph database. http://nosqleu.com - The biggest NOSQL event. Ever. http://www.thoughtmade.com - Scandinavias coolest Bring-a-Thing party. On Tue, Apr 13, 2010 at 6:58 PM, Martin Ellis <mar...@ellis.name> wrote: > So... how do we change our ops4j passwords, then? > > Martin > > > ---------- Forwarded message ---------- > From: <r...@apache.org> > Date: 13 April 2010 17:42 > Subject: issues.apache.org compromised: please update your passwords > To: Martin Ellis <mar...@ellis.name> > > > On April 6 the issues.apache.org server was hacked. The attackers were > able to install a trojan JIRA login screen and later get full root > access: > > https://blogs.apache.org/infra/entry/apache_org_04_09_2010 > > We are assuming that the attackers have a copy of the JIRA database, > which includes a hash (SHA-512 unsalted) of the password > you set when signing up as 'mart' to JIRA. If the password you set was > not of great quality (eg. based on a dictionary word), it > should be assumed that the attackers can guess your password from the > password hash via brute force. > > The upshot is that someone malicious may know both your email address > and a password of yours. > > This is a problem because many people reuse passwords across online > services. If you reuse passwords across systems, we urge you to change > your passwords on ALL SYSTEMS that might be using the compromised JIRA > password. Prime examples might be gmail or hotmail accounts, online > banking sites, or sites known to be related to your email's domain, > ellis.name. > > Naturally we would also like you to reset your JIRA password. That can > be done at: > > https://issues.apache.org/jira/secure/ForgotPassword!default.jspa?username=mart > > We (the Apache JIRA administrators) sincerely apologize for this > security breach. If you have any questions, please let us know by > email. > We are also available on the #asfinfra IRC channel on irc.freenode.net. > > > Regards, > > The Apache Infrastructure Team > > _______________________________________________ > general mailing list > general@lists.ops4j.org > http://lists.ops4j.org/mailman/listinfo/general > > _______________________________________________ general mailing list general@lists.ops4j.org http://lists.ops4j.org/mailman/listinfo/general
