Thanks for letting us know, David. Good to be kept informed.

On 9 April 2014 13:31, David Richfield <[email protected]> wrote:

> Hi all,
>
> I'm forwarding this for those of you who are concerned about online
> security.
>
> Kind regards,
>
> David
>
> ---------- Forwarded message ----------
> From: ENWP Pine <[email protected]>
> Date: Wed, Apr 9, 2014 at 6:21 AM
> Subject: [Wikimedia-l] OpenSSL vulnerability
> To: "[email protected]"
> <[email protected]>, "[email protected]"
> <[email protected]>
>
> I'm cross-posting this email from Wikitech-l from Greg Grossmeier. I
> think wide distribution is appropriate especially for contributors who
> may use vulnerable off-wiki communication tools with their Wikimedia
> password or for Wikimedia activity.
>
> --
> Yesterday a widespread issue in OpenSSL was disclosed that would allow
> attackers to gain access to privileged information on any site running a
> vulnerable version of that software. Unfortunately, all Wikimedia
> Foundation hosted wikis are potentially affected.
>
> We have no evidence of any actual compromise to our systems or our users'
> information, but as a precautionary measure we are resetting all user
> session tokens. In other words, we will be forcing all logged in users
> to re-login (i.e., we are logging everyone out).
>
> All logged in users send a secret session token with each request to the
> site and if a nefarious person were able to intercept that token they
> could impersonate other users. Resetting the tokens for all users will
> have the benefit of making all users reconnect to our servers using the
> updated and fixed version of the OpenSSL software, thus removing this
> potential attack.
>
> As an extra precaution, we recommend all users change their passwords as
> well.
>
> Again, there has been no evidence that Wikimedia Foundation users were
> targeted by this attack, but we want all of our users to be as safe as
> possible.
>
> Thank you for your understanding and patience,
>
> Greg Grossmeier
>
> _______________________________________________
> Wikimedia-l mailing list
> [email protected]
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> <mailto:[email protected]?subject=unsubscribe>
>
> --
> David Richfield
> [[:en:User:Slashme]]
> +49 176 72663368
>
> _______________________________________________
> WikimediaZA mailing list
> [email protected]
> https://lists.wikimedia.org/mailman/listinfo/wikimediaza

--
Douglas Ian Scott 司道格
Skype: douglas0scott
South African mobile number: +27 (0)79 515 8727
