[Bioperl-l] Perlmonks hacked

Chris Fields cjfields1 at gmail.com
Thu Jul 30 13:27:57 UTC 2009


All,

In case there are a few users who haven't been notified, PerlMonks has  
been hacked rather severely:

http://perlmonks.org/

The site was unsecure; all passwords were (astonishingly) stored as  
plain text, are out in the open, can be easily found (I did, and not I  
will not point them out).  If anyone has decided to use a common  
password for, say Perlmonks and PAUSE (or Amazon, or CitiBank, or...),  
make sure to change both.  Also realize that PerlMonks is NOT https,  
and that they have NOT patched the security hole yet, so any changed  
password may be further compromised (don't use a common password).

In fact, your PAUSE account may be frozen already due to this:

http://use.perl.org/~Alias/journal/39372

It's hard to overstate the intense irony of all this. For some reaction:

http://perlhacks.com/2009/07/perl-monks-passwords.php
http://blog.afoolishmanifesto.com/archives/1028

<now you can smack you hand against your head in frustration>

Good luck!

chris



More information about the Bioperl-l mailing list