[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Trac accounts and potential account compromise

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Trac accounts and potential account compromise
From: Nusenu <BM-2D8wMEVgGVY76je1WXNPfo8SrpZt5yGHES@xxxxxxxxxxxxx>
Date: Tue, 06 May 2014 02:21:01 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 05 May 2014 22:26:26 -0400
Dkim-signature: v=1; a=rsa-sha256; d=bitmessage.ch; s=mail; c=relaxed/relaxed; q=dns/txt; h=From:Subject:Date:Message-ID:To:MIME-Version:Content-Type:Content-Transfer-Encoding:In-Reply-To:References; bh=wnQfgXDkin7LG9AnQ+zIGpcsMuQdls92rR9hOmzOk74=; b=XPthVO8ZfLfwPLcTwvhw9q4Dg1AQKWiobVHMVWUVQfOwVfQEKkrPeUeIGE/pbEhtr5V6CYJ7Pn4dt8HDSsBcC/z3RoDzYCbpHPc20MpJ8hYscYDnGOTS6e9ch1YZkq1ha8sDLL11XGzDaOJWvT40+uTLw2Fm44hvZk4NepR2jIE=
In-reply-to: <53673D74.7060602@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <20140502024141.GK19193@xxxxxxxxxxxxxxxxxxxxxxxxxx> <5363E51C.3070107@xxxxxxxxxxxxx> <53673D74.7060602@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

Karsten, thanks for taking the time to answer these questions.

> AFAIK, there's no way to find out whether an account has been
> compromised, other than asking users to log in and see if their password
> still works.

Ok, I thought that might be possible by looking into <auth
backend>/trac/apache logs to see if an existing account was registered
again (or more than once).

https://trac.torproject.org/projects/tor/ticket/11545#comment:3

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Trac accounts and potential account compromise
  - From: Karsten Loesing

References:
- [tor-talk] Trac accounts and potential account compromise
  - From: Erinn Clark
- Re: [tor-talk] Trac accounts and potential account compromise
  - From: Nusenu
- Re: [tor-talk] Trac accounts and potential account compromise
  - From: Karsten Loesing

Prev by Author: Re: [tor-talk] Orbot v14 alpha: obfsclient, Tor 0.2.5.3-alpha
Next by Author: [tor-talk] Is tor-announce dead?
Previous by thread: Re: [tor-talk] Trac accounts and potential account compromise
Next by thread: Re: [tor-talk] Trac accounts and potential account compromise
Index(es):
- Author
- Thread