Could you give a hint how to change the password? Thanks Andreas -----Ursprüngliche Nachricht----- Von: discuss-bounces@xxxxxxxxxxxx [mailto:discuss-bounces@xxxxxxxxxxxx] Im Auftrag von Steven Dake Gesendet: Montag, 24. September 2012 18:26 An: discuss@xxxxxxxxxxxx Betreff: corosync.org compromised Hello, The virtual machine that hosts corosync.org was root compromised recently. It does not appear the compromise resulted in much damage, but as a precautionary measure, corosync.org was reinstalled and several corrective actions have been executed. The site corosync.org provided the following services previously: 1) ftp access to released tarballs 2) website documentation and access 3) buildbot automated functional testing 4) mailing list The git repository is hosted by github and protected by git's hashing mechanisms. No private keys for access to github accounts were stored on the compromised machine. A key risk of this compromise is that the tarballs distributed from corosync.org were in some way modified. When the attack was detected, the virtual machine was shutdown and a snapshot of the filesystem was taken. A diff of every release since 0.95 was extracted from git and diffed against the tarballs that corosync.org distributes. The initial analysis shows that no trees distributed from corosync.org were modified at the time the attack was detected. One possible exception is version 1.2.4, which appears to have been tagged improperly rather then physically attacked. For those that have concern this analysis was done properly, the work can be verified by downloading the 100 MB tarball located here: http://corosync.org/comparison.tar.gz It is possible your mailing list password was compromised. I would recommend changing your mailing list password. A summary of the attack: 1) No distributed tarballs were attacked at the time the attack was detected 2) 1.2.4 should be considered suspect, but looks as if it were tagged improperly rather then attacked 3) mailing list passwords could be compromised A summary of actions we recommend you take: 1) Change your mailing list password 2) If you reused your mailing list password, consider it compromised everywhere it was reused The corrective actions the corosync maintainers are taking are as follows: 1) VM was reinstalled 2) Only mailing list will be hosted at corosync.org 3) Files will be hosted on the github downloads feature 4) SHA256 sums + a signature will be distributed with future tarballs 5) 1.2.4 requires further analysis 6) corosync.org website will be hosted on github pages http://corosync.github.com/corosync/ 7) A cname will point wwww.corosync.org to the corosync github pages to provide a seamless corosync.org website Regards -steve _______________________________________________ discuss mailing list discuss@xxxxxxxxxxxx http://lists.corosync.org/mailman/listinfo/discuss _______________________________________________ discuss mailing list discuss@xxxxxxxxxxxx http://lists.corosync.org/mailman/listinfo/discuss
