[Sysadmin] changed list admin passwords

Dean Mah dean.mah at gmail.com
Mon Apr 9 14:11:48 CDT 2007


It might be a good idea to freeze a copy of the configuration file so
that we can revert to a pristine copy in case of accidental or
intentional changes.  Probably grabbing a copy of the config.pck for
each list would do it.

Dean


On 4/9/07, David Kaufman <david at gigawatt.com> wrote:
> The changes to thelist configuration options appear to me to be mild
> vandalism.
>
> I've attached a screenshot of the changes.  Most text options were
> modified only slightly, with a random letter added or inserted.  Most
> Yes/No options were reversed.  The "attacker" appeared to be idly
> testing to see *if* they could make changes, rather than trying to
> maliciously hijack the list.  The list admin password, for instance, was
> not changed.
>
> That would have been bad.
>
> Since the admin passwords for all of our lists were not exactly
> "cryptographically secure" and were, in fact, not impossible to guess...
> I've changed them all.  Even though only theList was compromised, knowing
> its password significantly increased the attacker's ability to determine
> the passwords of the others :-)
>
> If you have root on tempest, please
>
>   sudo cat ~dkaufman/lists/list-admin-pwd.txt # readable only by root!
>
> to get the new Administrator passwords for all lists.
>
> -dave
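
Dean's suggestion above (freezing a copy of each list's config.pck so it can be reverted) could be scripted along these lines. This is an added example, not part of the original thread; the `LISTS_DIR` and `BASELINE_DIR` paths and the function names are assumptions, and `sha256sum` from GNU coreutils is assumed to be installed.

```shell
#!/usr/bin/env bash
# Added example. Both paths are assumptions, not values taken from the thread.
LISTS_DIR="${LISTS_DIR:-/var/lib/mailman/lists}"
BASELINE_DIR="${BASELINE_DIR:-/root/mailman-baseline}"

# Freeze a copy of every list's config.pck and record its SHA-256 in a manifest.
# The body runs in a subshell so the restrictive umask does not leak to the caller.
snapshot_configs() (
    umask 077
    mkdir -p "$BASELINE_DIR" || exit 1
    : > "$BASELINE_DIR/MANIFEST.new"
    for src in "$LISTS_DIR"/*/config.pck; do
        [ -f "$src" ] || continue
        list=$(basename "$(dirname "$src")")
        cp -p "$src" "$BASELINE_DIR/$list.config.pck" || exit 1
        sum=$(sha256sum < "$src" | cut -d' ' -f1)
        printf '%s  %s\n' "$sum" "$list" >> "$BASELINE_DIR/MANIFEST.new"
    done
    mv "$BASELINE_DIR/MANIFEST.new" "$BASELINE_DIR/MANIFEST"
)

# Print each list whose live config.pck is missing or differs from the manifest.
# Returns 1 if any list is reported, 0 otherwise.
changed_lists() {
    local sum list live rc=0
    while read -r sum list; do
        live="$LISTS_DIR/$list/config.pck"
        if [ ! -f "$live" ] ||
           [ "$(sha256sum < "$live" | cut -d' ' -f1)" != "$sum" ]; then
            echo "$list"
            rc=1
        fi
    done < "$BASELINE_DIR/MANIFEST"
    return $rc
}

# Restore one list from its frozen copy, but only if that copy still matches
# the checksum recorded at snapshot time.
restore_config() {
    local list=$1 want have
    want=$(awk -v l="$list" '$2 == l {print $1}' "$BASELINE_DIR/MANIFEST")
    [ -n "$want" ] || { echo "no baseline for $list" >&2; return 2; }
    have=$(sha256sum < "$BASELINE_DIR/$list.config.pck" | cut -d' ' -f1)
    [ "$have" = "$want" ] || { echo "baseline for $list fails checksum" >&2; return 3; }
    cp -p "$BASELINE_DIR/$list.config.pck" "$LISTS_DIR/$list/config.pck"
}
```

In Mailman 2.x, config.pck also holds list state such as the membership roster, so a reported difference is a prompt to review the list rather than proof of tampering, and a restore rolls that state back along with the options.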


