| [eclipse.org-committers] Apache.org server compromise |
|
Greetings, You may have read about the recent Apache.org server compromise[1]. While I wish a speedy recovery to our friends at Apache, this is a reminder that it could happen to Eclipse.org. As webmasters, systems security is a big part of our business. As committers, you have write access to our file systems and elevated privileges on Bugzilla. Many of you have shell accounts on our servers. A few have admin rights on Hudson. As committers, Eclipse.org security is also your business. - Change your passwords. Use good passwords. Don't share your passwords or account. Keep your passwords safe. - Use SSH keys. Ask us for help setting this up. - Tell us if your computer was stolen, or if it was transferred to someone else. Your SSH key or saved password may be on it. - If a colleague/team member departs your company or project, let us know. Thank you for your usual cooperation. If you have any questions or concerns, please don't hesitate to ask. Denis [1] http://threatpost.com/en_us/blogs/apache-foundation-hit-targeted-xss-attack-041310 -- Denis Roy Eclipse Foundation, Inc. -- http://www.eclipse.org/ |