A quanto ho capito c'è stato un attacco al protocollo openSSL, consiglio , per
chi non usa gmail, che non è sotto attacco, anche di cambiare la password
dell'indirizzo e-mail
Per info : http://www.huffingtonpost.it/2014/04/09/heartbleed-bug-colpito-il-
protocollo-openssl-milioni-di-password_n_5116128.html?utm_hp_ref=italy
Mazzarò
>----Messaggio originale----
>Da: kikkocristian(a)gmail.com
>Data: 9-apr-2014 15.24
>A: "Mailing list per Wikipedia in italiano"<wikiit-l(a)lists.wikimedia.org>
>Ogg: [WikiIT-l] Fwd: [Wikimedia-l] OpenSSL vulnerability
>
>Si consiglia di cambiare la propria password.
>
>Ciao,
>
>C
>---------- Messaggio inoltrato ----------
>Da: "ENWP Pine" <deyntestiss(a)hotmail.com>
>Data: 09/apr/2014 06:21
>Oggetto: [Wikimedia-l] OpenSSL vulnerability
>A: "mediawiki-l(a)lists.wikimedia.org" <mediawiki-l(a)lists.wikimedia.org>, "
>wikimedia-l(a)lists.wikimedia.org" <wikimedia-l(a)lists.wikimedia.org>
>Cc:
>
>
>
>
>
>I'm cross-posting this email from Wikitech-l from Greg Grossmeier. I think
>wide distribution is appropriate especially for contributors who may use
>vulnerable off-wiki communication tools with their Wikimedia password or
>for Wikimedia activity.
>
>--
>Yesterday a widespread issue in OpenSSL was disclosed that would allow
>attackers to gain access to privileged information on any site running a
>vulnerable version of that software. Unfortunately, all Wikimedia
>Foundation hosted wikis are potentially affected.
>
>We have no evidence of any actual compromise to our systems or our users
>information, but as a precautionary measure we are resetting all user
>session tokens. In other words, we will be forcing all logged in users
>to re-login (ie: we are logging everyone out).
>
>All logged in users send a secret session token with each request to the
>site and if a nefarious person were able to intercept that token they
>could impersonate other users. Resetting the tokens for all users will
>have the benefit of making all users reconnect to our servers using the
>updated and fixed version of the OpenSSL software, thus removing this
>potential attack.
>
>As an extra precaution, we recommend all users change their passwords as
>well.
>
>
>Again, there has been no evidence that Wikimedia Foundation users were
>targeted by this attack, but we want all of our users to be as safe as
>possible.
>
>
>Thank you for your understanding and patience,
>
>Greg Grossmeier
>
>
>
>_______________________________________________
>Wikimedia-l mailing list
>Wikimedia-l(a)lists.wikimedia.org
>Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
><mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
>_______________________________________________
>WikiIT-l mailing list
>WikiIT-l(a)lists.wikimedia.org
>Pagina per iscriversi/disiscriversi: https://lists.wikimedia.
org/mailman/listinfo/wikiit-l
>
Si consiglia di cambiare la propria password.
Ciao,
C
---------- Messaggio inoltrato ----------
Da: "ENWP Pine" <deyntestiss(a)hotmail.com>
Data: 09/apr/2014 06:21
Oggetto: [Wikimedia-l] OpenSSL vulnerability
A: "mediawiki-l(a)lists.wikimedia.org" <mediawiki-l(a)lists.wikimedia.org>, "
wikimedia-l(a)lists.wikimedia.org" <wikimedia-l(a)lists.wikimedia.org>
Cc:
I'm cross-posting this email from Wikitech-l from Greg Grossmeier. I think
wide distribution is appropriate especially for contributors who may use
vulnerable off-wiki communication tools with their Wikimedia password or
for Wikimedia activity.
--
Yesterday a widespread issue in OpenSSL was disclosed that would allow
attackers to gain access to privileged information on any site running a
vulnerable version of that software. Unfortunately, all Wikimedia
Foundation hosted wikis are potentially affected.
We have no evidence of any actual compromise to our systems or our users
information, but as a precautionary measure we are resetting all user
session tokens. In other words, we will be forcing all logged in users
to re-login (ie: we are logging everyone out).
All logged in users send a secret session token with each request to the
site and if a nefarious person were able to intercept that token they
could impersonate other users. Resetting the tokens for all users will
have the benefit of making all users reconnect to our servers using the
updated and fixed version of the OpenSSL software, thus removing this
potential attack.
As an extra precaution, we recommend all users change their passwords as
well.
Again, there has been no evidence that Wikimedia Foundation users were
targeted by this attack, but we want all of our users to be as safe as
possible.
Thank you for your understanding and patience,
Greg Grossmeier
_______________________________________________
Wikimedia-l mailing list
Wikimedia-l(a)lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
<mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>