That's really informative , thanks David
On Wed, Apr 9, 2014 at 3:06 PM, Douglas Scott <[email protected]>wrote: > Thanks for letting us know David. Good to be kept informed. > > > On 9 April 2014 13:31, David Richfield <[email protected]> wrote: > >> Hi all, >> >> I'm forwarding this for those of you who are concerned about online >> security. >> >> Kind regards, >> >> David >> >> ---------- Forwarded message ---------- >> From: ENWP Pine <[email protected]> >> Date: Wed, Apr 9, 2014 at 6:21 AM >> Subject: [Wikimedia-l] OpenSSL vulnerability >> To: "[email protected]" >> <[email protected]>, "[email protected]" >> <[email protected]> >> >> >> >> >> >> >> I'm cross-posting this email from Wikitech-l from Greg Grossmeier. I >> think wide distribution is appropriate especially for contributors who >> may use vulnerable off-wiki communication tools with their Wikimedia >> password or for Wikimedia activity. >> >> -- >> Yesterday a widespread issue in OpenSSL was disclosed that would allow >> attackers to gain access to privileged information on any site running a >> vulnerable version of that software. Unfortunately, all Wikimedia >> Foundation hosted wikis are potentially affected. >> >> We have no evidence of any actual compromise to our systems or our users >> information, but as a precautionary measure we are resetting all user >> session tokens. In other words, we will be forcing all logged in users >> to re-login (ie: we are logging everyone out). >> >> All logged in users send a secret session token with each request to the >> site and if a nefarious person were able to intercept that token they >> could impersonate other users. Resetting the tokens for all users will >> have the benefit of making all users reconnect to our servers using the >> updated and fixed version of the OpenSSL software, thus removing this >> potential attack. >> >> As an extra precaution, we recommend all users change their passwords as >> well. >> >> >> Again, there has been no evidence that Wikimedia Foundation users were >> targeted by this attack, but we want all of our users to be as safe as >> possible. >> >> >> Thank you for your understanding and patience, >> >> Greg Grossmeier >> >> >> >> _______________________________________________ >> Wikimedia-l mailing list >> [email protected] >> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, >> <mailto:[email protected]?subject=unsubscribe> >> >> >> -- >> David Richfield >> [[:en:User:Slashme]] >> +49 176 72663368 >> >> _______________________________________________ >> WikimediaZA mailing list >> [email protected] >> https://lists.wikimedia.org/mailman/listinfo/wikimediaza >> > > > > -- > Douglas Ian Scott > 司道格 > Skype: douglas0scott > South African mobile number: +27 (0)79 515 8727 > > _______________________________________________ > WikimediaZA mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/wikimediaza > >
_______________________________________________ WikimediaZA mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikimediaza
