Thanks for the heads-up, Greg.  However, I'm finding that I am being
repeatedly logged out...it's happened every other edit I've made tonight,
which is a real pain.  Will report on IRC as well.

Risker/Anne


On 8 April 2014 16:57, Greg Grossmeier <g...@wikimedia.org> wrote:

> FYI to this audience as well:
>
> We're resetting all user session tokens today due to Heartbleed.
>
> What I didn't state below is that we have already replaced our SSL certs
> as well as upgraded to the fixed version of OpenSSL.
>
> ----- Forwarded message from Greg Grossmeier <g...@wikimedia.org> -----
>
> > Date: Tue, 8 Apr 2014 13:54:26 -0700
> > From: Greg Grossmeier <g...@wikimedia.org>
> > To: Wikitech Ambassadors <wikitech-ambassad...@lists.wikimedia.org>
> > Subject: Security precaution - Resetting all user sessions today
> >
> > Yesterday a widespread issue in OpenSSL was disclosed that would allow
> > attackers to gain access to privileged information on any site running a
> > vulnerable version of that software. Unfortunately, all Wikimedia
> > Foundation hosted wikis are potentially affected.
> >
> > We have no evidence of any actual compromise to our systems or our users'
> > information, but as a precautionary measure we are resetting all user
> > session tokens. In other words, we will be forcing all logged-in users
> > to re-login (i.e., we are logging everyone out).
> >
> > All logged in users send a secret session token with each request to the
> > site and if a nefarious person were able to intercept that token they
> > could impersonate other users. Resetting the tokens for all users will
> > have the benefit of making all users reconnect to our servers using the
> > updated and fixed version of the OpenSSL software, thus removing this
> > potential attack.
> >
> > As an extra precaution, we recommend all users change their passwords as
> > well.
> >
> >
> > Again, there has been no evidence that Wikimedia Foundation users were
> > targeted by this attack, but we want all of our users to be as safe as
> > possible.
> >
> >
> > Thank you for your understanding and patience,
> >
> > Greg Grossmeier
> >
> >
> > --
> > | Greg Grossmeier            GPG: B2FA 27B1 F7EB D327 6B8E |
> > | identi.ca: @greg                A18D 1138 8E47 FAC8 1C7D |
>
>
>
> ----- End forwarded message -----
>
> --
> | Greg Grossmeier            GPG: B2FA 27B1 F7EB D327 6B8E |
> | identi.ca: @greg                A18D 1138 8E47 FAC8 1C7D |
>
> _______________________________________________
> Wikitech-l mailing list
> Wikitech-l@lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>