[Owasp-leaders] *READ THIS* OWASP eMail Account Holders

Thomas Brennan tomb at owasp.org
Sat Nov 5 16:31:33 EDT 2011


That is not it.. My bad for not providing clarification so here it goes.

An administrator account was used to access and deliberately forward copies of other owasp individual emails to: lglaporte at googlemail.com 

To date no one has claimed responsibility for this account or provided an answer as to why, hence likely an account compromise and compromise of the confidentiality of emails. (aren't you glad it's OWASP everything is "open" right... ) This has been resolved and all 621 accounts and associated settings manually verified (or 2 glasses of Jameson 18)

In addition, there are currently 621 @owasp email accounts. Many had no activity, never logged in and/or had a blank, default password that has not been changed since inception in 2008. So change your passwords, as this will quickly let me see what accounts are active so we can remove the inactive accounts in the near future.

As a glutton for punishment and for the lulz I have taken over the primary unpaid sysop/administration of the googleapps and have delegated user creation, password resets and group management to Kelly, Kate and Sarah. We have 1500+ members, 130 chapters and 621 @owasp associated accounts...

We will continue to offer @owasp email accounts to all members and those that want to use them to evangelize OWASP and we will manage them accordingly.

In other admin news we are spinning up Akamai and moving Owasp.org to Rackspace. Those that have cycles are welcome to help out as part of the hands-on decentralized team.

Now back to a family Saturday... Enjoy your weekend too.




On Nov 5, 2011, at 3:29 PM, Jim Manico <jim.manico at owasp.org> wrote:

> To my knowledge there is no way for an attacker to reveal/expose a
> google password. If an attacker compromised our administration
> console, they could reset passwords or change permissions, but not
> uncover current passwords.
> 
> Has anyone had their password changed unexpectedly, recently?
> 
> --
> Jim Manico
> (808) 652-3805
> 
> On Nov 5, 2011, at 9:07 AM, David Montero Abujas
> <david.montero at owasp.org> wrote:
> 
>> Same question.
>> David Montero "Raistlin", CISA, CISM, CRISC
>> OWASP Andalucia
>> Chapter Leader
>> 
>> -----Original Message-----
>> From: dinis cruz <dinis.cruz at owasp.org>
>> Sender: owasp-leaders-bounces at lists.owasp.org
>> Date: Sat, 5 Nov 2011 19:06:39
>> To: Tom Brennan<tomb at owasp.org>
>> Cc: owasp-leaders at lists.owasp.org<owasp-leaders at lists.owasp.org>
>> Subject: Re: [Owasp-leaders] *READ THIS* OWASP eMail Account Holders
>> 
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> 
>> 
