Fwd: Several openSUSE services disabled due to a security breach -> Sicherheitsproblem bei Microfocus

Hallo zusammen, anbei die Weiterleitung einer Mail von Richard Brown. Er meldet darin ein "Sicherheitsproblem" bei der Website von Microfocus, auf der die Zugangsdaten für die ganzen openSUSE-Seiten, wie Forum, OBS, Bugzilla usw. gespeichert sind. Das ganze Ausmaß des Hacks(?) ist noch unklar und wird untersucht. Auf jeden Fall fordert Richard alle auf, prophylaktisch ihr Passwort zu ändern (Der Link unten zu secure-www.novell.com). Ich spare mir die komplette Übersetzung, da sicher noch Mails mit mehr Informationen folgen werden. Gruß, Hendrik -------- Weitergeleitete Nachricht -------- Betreff: [opensuse-factory] Several openSUSE services disabled due to a security breach Datum: Fri, 12 May 2017 16:38:17 +0200 Von: Richard Brown An: opensuse-project , oS-fctry , opensuse-announce@opensuse.org Dear openSUSE Community, We have been informed of a security breach of the MF authentication system used by several openSUSE services. As a result, the openSUSE services using this authentication method are immediately being set to read-only mode/preventing authentication. This includes the openSUSE OBS, wiki, and forums. The scope and impact of the breach is not yet fully clear. The disabling of authentication is to ensure the protection of our systems and user data while the situation is fully investigated. Based on the information available at this time, there is a possibility that the breach is limited to users of non-openSUSE infrastructure that shares the same authentication system. Regardless, is recommended that all users of the affected services and openSUSE bugzilla change their password at the following link: https://secure-www.novell.com/selfreg/jsp/protected/manageAccount.jsp https://status.opensuse.org/ can be used to monitor the status of the services as the incident is further investigated. We do not believe any of the openSUSE Download infrastructure has been compromised, as it does not interact with the MF authentication system. Therefore www.opensuse.org , download.opensuse.org and software.opensuse.org remain operational and safe for all of our users to use. Thank you all for your understanding and support, and expect a further update as soon as we have more information. Regards, -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org -- Um die Liste abzubestellen, schicken Sie eine Mail an: opensuse-de+unsubscribe@opensuse.org Um den Listen Administrator zu erreichen, schicken Sie eine Mail an: opensuse-de+owner@opensuse.org