A quanto ho capito c'è stato un attacco al protocollo openSSL, consiglio , per chi non usa gmail, che non è sotto attacco, anche di cambiare la password dell'indirizzo e-mail Per info : http://www.huffingtonpost.it/2014/04/09/heartbleed-bug-colpito-il- protocollo-openssl-milioni-di-password_n_5116128.html?utm_hp_ref=italy Mazzarò
>----Messaggio originale---- >Da: [email protected] >Data: 9-apr-2014 15.24 >A: "Mailing list per Wikipedia in italiano"<[email protected]> >Ogg: [WikiIT-l] Fwd: [Wikimedia-l] OpenSSL vulnerability > >Si consiglia di cambiare la propria password. > >Ciao, > >C >---------- Messaggio inoltrato ---------- >Da: "ENWP Pine" <[email protected]> >Data: 09/apr/2014 06:21 >Oggetto: [Wikimedia-l] OpenSSL vulnerability >A: "[email protected]" <[email protected]>, " >[email protected]" <[email protected]> >Cc: > > > > > >I'm cross-posting this email from Wikitech-l from Greg Grossmeier. I think >wide distribution is appropriate especially for contributors who may use >vulnerable off-wiki communication tools with their Wikimedia password or >for Wikimedia activity. > >-- >Yesterday a widespread issue in OpenSSL was disclosed that would allow >attackers to gain access to privileged information on any site running a >vulnerable version of that software. Unfortunately, all Wikimedia >Foundation hosted wikis are potentially affected. > >We have no evidence of any actual compromise to our systems or our users >information, but as a precautionary measure we are resetting all user >session tokens. In other words, we will be forcing all logged in users >to re-login (ie: we are logging everyone out). > >All logged in users send a secret session token with each request to the >site and if a nefarious person were able to intercept that token they >could impersonate other users. Resetting the tokens for all users will >have the benefit of making all users reconnect to our servers using the >updated and fixed version of the OpenSSL software, thus removing this >potential attack. > >As an extra precaution, we recommend all users change their passwords as >well. > > >Again, there has been no evidence that Wikimedia Foundation users were >targeted by this attack, but we want all of our users to be as safe as >possible. > > >Thank you for your understanding and patience, > >Greg Grossmeier > > > >_______________________________________________ >Wikimedia-l mailing list >[email protected] >Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, ><mailto:[email protected]?subject=unsubscribe> >_______________________________________________ >WikiIT-l mailing list >[email protected] >Pagina per iscriversi/disiscriversi: https://lists.wikimedia. org/mailman/listinfo/wikiit-l > _______________________________________________ WikiIT-l mailing list [email protected] Pagina per iscriversi/disiscriversi: https://lists.wikimedia.org/mailman/listinfo/wikiit-l
