[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Trac accounts and potential account compromise

On 06/05/14 04:21, Nusenu wrote:
> Karsten, thanks for taking the time to answer these questions.
>> AFAIK, there's no way to find out whether an account has been
>> compromised, other than asking users to log in and see if their password
>> still works.
> Ok, I thought that might be possible by looking into <auth
> backend>/trac/apache logs to see if an existing account was registered
> again (or more than once).

You're right, that might work.  I don't have access to those logs, so
I'll leave it to Erinn to decide whether she wants to investigate this more.

To be honest, it's rather unlikely that somebody would have compromised
an account with no special privileges and left the developer and admin
accounts untouched.  And we already made sure that none of the latter
has been compromised by asking people.

All the best,

> https://trac.torproject.org/projects/tor/ticket/11545#comment:3

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to