Were only the admin passwords compromised, or also the passwords of the
list members (who can set a password to view the membership etc)?
Lodewijk
On Fri, Nov 13, 2015 at 9:05 AM, James Alexander <jalexander(a)wikimedia.org>
wrote:
Hey Craig,
As far as we know, no, we have not seen any connection between the two.
Sent from my iPhone
James Alexander
Manager, Trust & Safety
Wikimedia Foundation
+1 415-839-6885 x6716
On Nov 12, 2015, at 23:52, Craig Franklin <craig.franklin(a)wikimedia.org.au>
wrote:
Thankyou for your vigilance on this. Is this security breach related to
the one on enwiki last week that led to administrator accounts being
compromised?
Cheers,
Craig
2015-11-13 15:08 GMT+10:00 Daniel Zahn <dzahn(a)wikimedia.org>rg>:
Hello list admins,
due to
http://blog.wikimedia.org/2015/11/12/mailman-security-incident/
we have reset all list admin passwords. You should have already received
a new pass in the mail earlier.
I just wanted to add that we also changed all _moderator_ passwords, but
as opposed to admin passwords we could not just mail the owner address.
We don't expect that many lists actually use a separate moderator role
where people moderate who are _not_ also the list admin, but if this is the
case for one your lists, please change it to something new and let your
moderators know the new password.
Best regards,
--
Daniel Zahn <dzahn(a)wikimedia.org>
Operations Engineer
_______________________________________________
Listadmins mailing list
Listadmins(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/listadmins
_______________________________________________
Listadmins mailing list
Listadmins(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/listadmins
_______________________________________________
Listadmins mailing list
Listadmins(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/listadmins