link to the twitter incident
[Imported from Trac: page TracSecurityOverview, version 2]
parent
ed35617b3c
commit
18ee108e6c
|
@ -5,7 +5,7 @@ This is just a quick'n'dirty document to help users make informed decisions abou
|
||||||
|
|
||||||
## Recommendations
|
## Recommendations
|
||||||
|
|
||||||
* Don't use a password which you use elsewhere. (See: Twitter incident) [Find ref.]FIXME:
|
* Don't use a password which you use elsewhere. (See: [Twitter incident](@@http://testgrid.allmydata.org:3567/file/URI:CHK:nm72blax6oqt3fui3dnrhahszq:wcpjaneyqzf4bw752izfey44abql6ywync2vweejsmnohyiwkkia:3:10:275196/@@named=/the-anatomy-of-the-twitter-attack.html@@)) (the short story is that there were no technical security flaws, but users used the same creds on an "unimportant" service as well as a different critical service, so the attacker could escalate the attack across services.)
|
||||||
* Don't expect the ticket database to be non-corrupt or reliable or persistent.
|
* Don't expect the ticket database to be non-corrupt or reliable or persistent.
|
||||||
* Backup the ticket database and wiki pages regularly! Use snapshots so corruption does not overwrite correct data.
|
* Backup the ticket database and wiki pages regularly! Use snapshots so corruption does not overwrite correct data.
|
||||||
|
|
||||||
|
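Review bot: the new Recommendations bullet resolves the "[Find ref.]FIXME:" by linking the write-up through a Tahoe-LAFS read cap on testgrid.allmydata.org:3567; a test grid makes no persistence promise, so the reference can silently disappear. Cite the original article (or a stable archive copy) as the primary link and keep the `URI:CHK` link as a mirror, for example `(See: [Twitter incident](<original URL>), mirror: <URI:CHK link>)`. Also confirm that the `@@…@@` markers around the URL are only the diff viewer's inline-change highlighting and not literal characters in the stored page, since a literal `@@http://…@@` would break the Markdown link.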
@ -24,5 +24,4 @@ This is just a quick'n'dirty document to help users make informed decisions abou
|
||||||
## To Do
|
## To Do
|
||||||
|
|
||||||
* Search for existing Trac security references.
|
* Search for existing Trac security references.
|
||||||
* Verify that plaintext passwords are stored.
|
* Verify that plaintext passwords are stored.
|
||||||
* Find Twitter incident ref (the short story is that there were no technical security flaws, but users used the same creds on an "unimportant" service as well as a different critical service, so the attacker could escalate the attack across services.)
|
|
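Review bot: dropping "Find Twitter incident ref" here is consistent with the Recommendations hunk, but the explanatory sentence is now carried only in the Recommendations bullet, so make sure the wording there still reads as advice rather than as a to-do note. The remaining context item "Verify that plaintext passwords are stored." is ambiguous (it reads as if plaintext storage were the desired state); suggest "Verify whether Trac stores passwords in plaintext." so the open question is clear.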