Greetings,
You may have read about the recent Apache.org server compromise[1].
While I wish a speedy recovery to our friends at Apache, this is a
reminder that it could happen to Eclipse.org.
As webmasters, systems security is a big part of our business. As
committers, you have write access to our file systems and elevated
privileges on Bugzilla. Many of you have shell accounts on our servers.
A few have admin rights on Hudson. As committers, Eclipse.org
security is also your business.
- Change your passwords. Use good passwords. Don't share your
passwords or account. Keep your passwords safe.
- Use SSH keys. Ask us for help setting this up.
- Tell us if your computer was stolen, or if it was transferred
to someone else. Your SSH key or saved password may be on it.
- If a colleague/team member departs your company or project, let us
know.
Thank you for your usual cooperation. If you have any questions or
concerns, please don't hesitate to ask.
Denis
[1]
http://threatpost.com/en_us/blogs/apache-foundation-hit-targeted-xss-attack-041310
--
Denis Roy
Eclipse Foundation, Inc. -- http://www.eclipse.org/
|