[EasyLinux-Suse] Fw: Several openSUSE services disabled due to a security breach

Jan-Uwe Kögel klappstulle at directbox.com
Sat May 13 19:18:06 CEST 2017


There has apparently been a targeted attack on the Microfocus websites,
or rather on the databases with login credentials behind them:


-------- Forwarded Message --------
Subject: [opensuse-factory] Several openSUSE services disabled due to a
security breach
Date: Fri, 12 May 2017 16:38:17 +0200
From: Richard Brown <RBrownCCB at opensuse.org>
To: opensuse-project <opensuse-project at opensuse.org>, oS-fctry
<opensuse-factory at opensuse.org>, opensuse-announce at opensuse.org
<opensuse-announce at opensuse.org>

Dear openSUSE Community,

We have been informed of a security breach of the MF authentication
system used by several openSUSE services.

As a result, the openSUSE services using this authentication method
are immediately being set to read-only mode/preventing authentication.

This includes the openSUSE OBS, wiki, and forums.

The scope and impact of the breach is not yet fully clear. The
disabling of authentication is to ensure the protection of our systems
and user data while the situation is fully investigated.

Based on the information available at this time, there is a
possibility that the breach is limited to users of non-openSUSE
infrastructure that shares the same authentication system.

Regardless, it is recommended that all users of the affected services and
openSUSE bugzilla change their password at the following link:
https://secure-www.novell.com/selfreg/jsp/protected/manageAccount.jsp

https://status.opensuse.org/ can be used to monitor the status of the
services as the incident is further investigated.

We do not believe any of the openSUSE Download infrastructure has been
compromised, as it does not interact with the MF authentication
system.

Therefore www.opensuse.org , download.opensuse.org and
software.opensuse.org remain operational and safe for all of our users
to use.

Thank you all for your understanding and support, and expect a further
update as soon as we have more information.

Regards,


Probably everyone who has an account with SUSE is affected.
Forums, OBS, SLES registration, Bugzilla, etc.
Anyone who has a login for these should urgently change their credentials.

-- 
Jan-Uwe Kögel