imported>mutante mNo edit summary |
imported>mutante mNo edit summary |
||
| Line 1: | Line 1: | ||
November 26, 2004 (webmaster) |
November 26, 2004 (webmaster) |
||
Durch einen bislang unbekannten TWiki-Exploit wurde unauthorisierter Zugriff für einige spanische Hackerkollegen auf CCC Server möglich. Dabei sind in Vergessenheit geratene Registrierungsdaten des Chaos Communication Camp 2003 |
Durch einen bislang unbekannten [[TWiki]]-[[Exploit]] wurde unauthorisierter Zugriff für einige spanische Hackerkollegen auf [[CCC]] Server möglich. Dabei sind in Vergessenheit geratene Registrierungsdaten des Chaos Communication Camp 2003 veröffentlicht worden. |
||
http://www.ccc.de/updates/2004/camp-server-hack?language=en |
http://www.ccc.de/updates/2004/camp-server-hack?language=en |
||
| Line 8: | Line 8: | ||
http://www.digitalsec.net/stuff/fun/CCC/ |
http://www.digitalsec.net/stuff/fun/CCC/ |
||
...The server has been used for hosting another TWiki installation after |
...The server has been used for hosting another [[TWiki]] installation after |
||
the camp, but the organization crew left planet earth due to |
the camp, but the organization crew left planet [[earth]] due to |
||
extraterrestrial commitments and more or less forgot about its existence. |
[[extraterrestrial]] commitments and more or less forgot about its existence. |
||
Our spanish colleagues succesfully broke into this machine, exploiting a |
Our spanish colleagues succesfully broke into this machine, exploiting a |
||
newly found bug in the TWiki software, and published part of the stuff. |
newly found bug in the [[TWiki]] [[software]], and published part of the stuff. |
||
This includes personal registration data as well as crypt passwords for |
This includes personal registration data as well as [[crypt]] passwords for |
||
Wiki users. While the |
Wiki users. While the [[password]]s are not available in clear text, they |
||
are susceptible to a dictionary attack. Therefore, these passwords must |
are susceptible to a dictionary attack. Therefore, these passwords must |
||
be considered compromised, so we urge anybody who used the same password |
be considered compromised, so we urge anybody who used the same password |
||
Revision as of 12:12, 13 March 2005
November 26, 2004 (webmaster) Durch einen bislang unbekannten TWiki-Exploit wurde unauthorisierter Zugriff für einige spanische Hackerkollegen auf CCC Server möglich. Dabei sind in Vergessenheit geratene Registrierungsdaten des Chaos Communication Camp 2003 veröffentlicht worden.
http://www.ccc.de/updates/2004/camp-server-hack?language=en
http://www.digitalsec.net/stuff/fun/CCC/ccc_and_cccs.txt
http://www.digitalsec.net/stuff/fun/CCC/
...The server has been used for hosting another TWiki installation after the camp, but the organization crew left planet earth due to extraterrestrial commitments and more or less forgot about its existence.
Our spanish colleagues succesfully broke into this machine, exploiting a newly found bug in the TWiki software, and published part of the stuff. This includes personal registration data as well as crypt passwords for Wiki users. While the passwords are not available in clear text, they are susceptible to a dictionary attack. Therefore, these passwords must be considered compromised, so we urge anybody who used the same password for camp registration or TWiki and any other system to take appropriate measures.