On 13 November 2015 at 05:16, James Alexander <jalexander(a)wikimedia.org>
wrote:
On Fri, Nov 13, 2015 at 1:23 AM, Lodewijk
<lodewijk(a)effeietsanders.org>
wrote:
Were only the admin passwords compromised, or
also the passwords of the
list members (who can set a password to view the membership etc)?
Lodewijk
All passwords were reset, including list member passwords. Because list
member passwords can go through "retrieve password" and members get periodic
reminders automatically, mass emails about those resets were not sent out,
however. (I believe we may be adding a note in the auto reminder about how
they were reset... but not entirely sure, I will leave that for ops)
Hold on. As a list administrator for 3 lists, I received emails to change
the listadmin password for all three, and have done so and shared the new
password with the rest of the list admins.
However, as a list subscriber, I have yet to receive an email telling me
that there is a forced password change for any WMF-based list to which I
subscribe. Some questions are in order about this element, which is not
mentioned in the blog, and will affect tens of thousands of users.
- Do subscribers have to change their password for each WMF-based
mailman mailing list separately, or can they use the "one password for all
lists" function that currently exists to change all of the passwords at
once? (Keep in mind that most of the mailing lists are at least
semi-public, so this is not really a big deal.)
- If not, what happens to those subscriptions? Are they discontinued if
the user does not update his or her password, or do they just continue?
I think that there are a lot of valid points being made about the inherent
problem of having listadmin passwords that are not user-specific. At the
same time, we should keep in mind that the core issue here is that a few
listadmins appear to have used the same password for listadmin duties as
they were using for other accounts. All the password protection systems in
the world are not going to change what happened here, if people are going
to use obviously insecure, shared passwords as personal passwords as well.
Risker/Anne