Were only the admin passwords compromised, or also the passwords of the list members (who can set a password to view the membership, etc.)?
Lodewijk
On Fri, Nov 13, 2015 at 9:05 AM, James Alexander jalexander@wikimedia.org wrote:
Hey Craig,
As far as we know, no, we have not seen any connection between the two.
Sent from my iPhone
James Alexander Manager, Trust & Safety Wikimedia Foundation +1 415-839-6885 x6716
On Nov 12, 2015, at 23:52, Craig Franklin craig.franklin@wikimedia.org.au wrote:
Thank you for your vigilance on this. Is this security breach related to the one on enwiki last week that led to administrator accounts being compromised?
Cheers, Craig
2015-11-13 15:08 GMT+10:00 Daniel Zahn dzahn@wikimedia.org:
Hello list admins,
due to http://blog.wikimedia.org/2015/11/12/mailman-security-incident/
we have reset all list admin passwords. You should have already received a new pass in the mail earlier.
I just wanted to add that we also changed all _moderator_ passwords, but as opposed to admin passwords we could not just mail the owner address.
We don't expect that many lists actually use a separate moderator role where people moderate who are _not_ also the list admin, but if this is the case for one of your lists, please change it to something new and let your moderators know the new password.
Best regards,
-- Daniel Zahn dzahn@wikimedia.org Operations Engineer
Listadmins mailing list Listadmins@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/listadmins