[Owasp-leaders] *READ THIS* OWASP eMail Account Holders

Andrea Cogliati andrea.cogliati at owasp.org
Sat Nov 5 17:49:49 EDT 2011


Tom,

Thanks for the explanations. On a side note, I forward my @owasp.org email to my main email account, so I hardly log in to the web interface. Not sure if this behavior makes my account look like a dormant/inactive one.

Andrea

On Nov 5, 2011, at 4:31 PM, Thomas Brennan wrote:

> That is not it.. My bad for not providing clarification so here it goes.
> 
> An administrator account was used to access and deliberately forward copies of other owasp individual emails to: lglaporte at googlemail.com 
> 
> To date no one has claimed responsibility for this account or provided an answer as to why, hence likely an account compromise and compromise of the confidentiality of emails. (Aren't you glad it's OWASP, everything is "open" right...) This has been resolved and all 621 accounts and associated settings manually verified (or 2 glasses of Jameson 18)
> 
> In addition, there are currently 621 @owasp email accounts. Many had no activity, never logged in and/or had a blank, default and password that have not been changed since inception in 2008. So change your passwords as this will quickly let me see what accounts are active so we can remove the inactive accounts in the near future.
> 
> As a glutton for punishment and for the lulz I have taken over the primary unpaid sysop/administration of the googleapps and have delegated user creation, password resets and group management to Kelly, Kate and Sarah. We have 1500+ members, 130 chapters and 621 @owasp associated accounts...
> 
> We will continue to offer @owasp email accounts to all members and those that want to use them to evangelize OWASP and we will manage them accordingly.
> 
> In other admin news we are spinning up Akamai and moving Owasp.org to Rackspace. Those that have cycles are welcome to help out as part of the hands-on decentralized team.
> 
> Now back to a family Saturday... Enjoy your weekend too.
> 
> On Nov 5, 2011, at 3:29 PM, Jim Manico <jim.manico at owasp.org> wrote:
> 
>> To my knowledge there is no way for an attacker to reveal/expose a
>> google password. If an attacker compromised our administration
>> console, they could reset passwords or change permissions, but not
>> uncover current passwords.
>> 
>> Has anyone had their password changed unexpectedly, recently?
>> 
>> --
>> Jim Manico
>> (808) 652-3805
>> 
>> On Nov 5, 2011, at 9:07 AM, David Montero Abujas
>> <david.montero at owasp.org> wrote:
>> 
>>> Same question.
>>> David Montero "Raistlin", CISA, CISM, CRISC
>>> OWASP Andalucia
>>> Chapter Leader
>>> 
>>> -----Original Message-----
>>> From: dinis cruz <dinis.cruz at owasp.org>
>>> Sender: owasp-leaders-bounces at lists.owasp.org
>>> Date: Sat, 5 Nov 2011 19:06:39
>>> To: Tom Brennan<tomb at owasp.org>
>>> Cc: owasp-leaders at lists.owasp.org<owasp-leaders at lists.owasp.org>
>>> Subject: Re: [Owasp-leaders] *READ THIS* OWASP eMail Account Holders
>>> 
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders


