glob2-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [glob2-devel] Possible YOG compromisation

From: Stéphane Magnenat
Subject: Re: [glob2-devel] Possible YOG compromisation
Date: Wed, 2 Jul 2008 23:59:29 +0200
User-agent: KMail/1.9.9 
On Wednesday 02 July 2008 21:22:00 Bradley Arsenault wrote:
> On Wed, Jul 2, 2008 at 11:21 AM, Stéphane Magnenat <address@hidden>
>
> wrote:
> > On Tuesday 01 July 2008 21:16:29 Bradley Arsenault wrote:
> > > I was minding my own business when I noticed someone logged into the
> > > account genixpro2 on YOG with an IP address from Tampa florida. This
> >
> > means
> >
> > > that not only do they know my password, they also know such an account,
> > > genixpro2 exists, which is either really good luck or they are on our
> > > server.
> >
> > On which server is YOG physically running? Could it be an exploit in our
> > source code? When do you plan to separate again the YOG server from
> > glob2?
> >
> > Have a nice day,
> >
> > Steph
> >
> > --
> > http://stephane.magnenat.net
>
> I don't know how it was accomplished, I only know from when I saw them
> appear and disappear on IRC in my account name.

We should add logging to the YOG server with IP and timestamp.

For the meantime, maybe we should purge all the accounts,

What do you think?

Steph

-- 
http://stephane.magnenat.net
reply via email to
[Prev in Thread] Current Thread [Next in Thread]