Re: [OM Cooker] [rosa-devel] my abf account cracked
Any chance that it could be linked to heartbleed vulnerability? 2014-06-16 19:29 GMT+02:00 p...@mandriva.com.br: Em 2014-06-16 05:53, Tomasz Gajc escreveu: So if your account was compromised, why not change password by some admin and give it back to you ? 2014-06-15 21:10 GMT+02:00 symbian...@mandrivausers.ro symbian...@mandrivausers.ro: Il 15/06/2014 19:56, Bernhard Rosenkraenzer ha scritto: On 2014-06-15 16:54, symbian...@mandrivausers.ro wrote: Seems that that some shithead broke into my abf account and start doing builds, Did the guy do any harm (e.g. build bad packages?) Also, is there any chance this was an error rather than a hack? (e.g. you met someone else who works with abf, logged in to your account from his machine, forgot to log out, and he started doing builds not realising he was logged in with your account rather than his own?) It seems unlikely that someone who actually knows what abf is and how to use it would do this... We're not (yet) big enough to be subverted by Microsoftbuntubots ;) Before anything worse happens, I would suggest it should be changed to only allow ssh acccess from command line, no https, with plain text password in .abfcfg... For web access I am not an expert, but something like what fedora does would be cool, i.e. every six month one must regenerate the certs, and (re)import to firefox. We are still very small, but soon or later we can have OpenMandriva used in some environment crackers would want to have an (OpenMandriva exclusive) backdoor that they have planted... ttyl bero Paulo
Re: [OM Cooker] [rosa-devel] my abf account cracked
So if your account was compromised, why not change password by some admin and give it back to you ? 2014-06-15 21:10 GMT+02:00 symbian...@mandrivausers.ro symbian...@mandrivausers.ro: Il 15/06/2014 19:56, Bernhard Rosenkraenzer ha scritto: On 2014-06-15 16:54, symbian...@mandrivausers.ro wrote: Seems that that some shithead broke into my abf account and start doing builds, Did the guy do any harm (e.g. build bad packages?) Also, is there any chance this was an error rather than a hack? (e.g. you met someone else who works with abf, logged in to your account from his machine, forgot to log out, and he started doing builds not realising he was logged in with your account rather than his own?) It seems unlikely that someone who actually knows what abf is and how to use it would do this... We're not (yet) big enough to be subverted by Microsoftbuntubots ;) ttyl bero ___ rosa-devel mailing list rosa-de...@lists.rosalab.ru http://lists.rosalab.ru/mailman/listinfo/rosa-devel I've start tracking my builds 10 days ago , and my guess was confirmed last night and this morning. so no bero , I'll exclude the by mistake thing... since my login in abf neither my wife knows it ... in rosa could only touch contrib, but in oma you know and what is worry me most is my-personal and the community backports, mandrivausersro and rosalinuxro, as for python3 group the gits are already merged So thanks to help of A.Vokhmin my account is banned. -- Greetings ___ MRB ain't no shit Rosalinux.Ro Mandrivausers.Ro Talk is cheap, show me the code.
Re: [OM Cooker] [rosa-devel] my abf account cracked
Em 2014-06-16 05:53, Tomasz Gajc escreveu: So if your account was compromised, why not change password by some admin and give it back to you ? 2014-06-15 21:10 GMT+02:00 symbian...@mandrivausers.ro symbian...@mandrivausers.ro: Il 15/06/2014 19:56, Bernhard Rosenkraenzer ha scritto: On 2014-06-15 16:54, symbian...@mandrivausers.ro wrote: Seems that that some shithead broke into my abf account and start doing builds, Did the guy do any harm (e.g. build bad packages?) Also, is there any chance this was an error rather than a hack? (e.g. you met someone else who works with abf, logged in to your account from his machine, forgot to log out, and he started doing builds not realising he was logged in with your account rather than his own?) It seems unlikely that someone who actually knows what abf is and how to use it would do this... We're not (yet) big enough to be subverted by Microsoftbuntubots ;) Before anything worse happens, I would suggest it should be changed to only allow ssh acccess from command line, no https, with plain text password in .abfcfg... For web access I am not an expert, but something like what fedora does would be cool, i.e. every six month one must regenerate the certs, and (re)import to firefox. We are still very small, but soon or later we can have OpenMandriva used in some environment crackers would want to have an (OpenMandriva exclusive) backdoor that they have planted... ttyl bero Paulo
Re: [OM Cooker] [rosa-devel] my abf account cracked
Il 15/06/2014 19:56, Bernhard Rosenkraenzer ha scritto: On 2014-06-15 16:54, symbian...@mandrivausers.ro wrote: Seems that that some shithead broke into my abf account and start doing builds, Did the guy do any harm (e.g. build bad packages?) Also, is there any chance this was an error rather than a hack? (e.g. you met someone else who works with abf, logged in to your account from his machine, forgot to log out, and he started doing builds not realising he was logged in with your account rather than his own?) It seems unlikely that someone who actually knows what abf is and how to use it would do this... We're not (yet) big enough to be subverted by Microsoftbuntubots ;) ttyl bero ___ rosa-devel mailing list rosa-de...@lists.rosalab.ru http://lists.rosalab.ru/mailman/listinfo/rosa-devel I've start tracking my builds 10 days ago , and my guess was confirmed last night and this morning. so no bero , I'll exclude the by mistake thing... since my login in abf neither my wife knows it ... in rosa could only touch contrib, but in oma you know and what is worry me most is my-personal and the community backports, mandrivausersro and rosalinuxro, as for python3 group the gits are already merged So thanks to help of A.Vokhmin my account is banned. -- Greetings ___ MRB ain't no shit Rosalinux.Ro Mandrivausers.Ro Talk is cheap, show me the code.