[Sysadmin] changed list admin passwords

David Kaufman david at gigawatt.com
Mon Apr 9 14:00:52 CDT 2007


Okay, I guess attachments aren't allowed :-)

Here's the page, as vandalized:
http://www.gigawatt.com/dk/evolt/thelist-admin-GeneralOptions-2007-04-09.png

I've fixed most of the obvious settings.  Am currently looking at the 
unaffected lists to see what settings they use, for the more obscure 
ones.

-dave


David Kaufman <david at gigawatt.com> wrote:
>> The changes to thelist configuration options appear to me to be mild
>> vandalism.
>>
>> I've attached a screenshot of the changes.  Most text options were
>> modified only slightly, with a random letter added or inserted.  Most
>> Yes/No options were reversed.  The "attacker" appeared to be idly
>> testing to see *if* they could make changes, rather than trying to
>> maliciously hijack the list.  The list admin password, for instance,
>> was not changed.
>>
>> That would have been bad.
>>
>> Since the admin passwords for all of our lists were not exactly
>> "cryptographically secure" and were in fact, not impossible to
>> guess... I've changed them all.  Even though only theList was
>> compromised, knowing its password significantly increased the
>> attacker's ability to determine the passwords of the others :-)
>>
>> If you have root on tempest, please
>>
>>  sudo cat ~dkaufman/lists/list-admin-pwd.txt # readable only by root!
>>
>> to get the new Administrator passwords for all lists.
>>
>> -dave
>>
>> ----------------------------------------
>> so, are we gonna get this vote on for
>> the EvoltSysadmin mascot or what? 



