Just wanted to touch base with everyone since I didn't make the meeting Thursday. I found a new job, am in the process of relocating to Chicago and am finishing up the semester, so time is short, but once I get moved things should quickly settle into a routine and I'll be able to more regularly contribute.
sart
-----Original Message-----
From: infrastructure-bounces@lists.fedoraproject.org [mailto:infrastructure-bounces@lists.fedoraproject.org] On Behalf Of infrastructure-request@lists.fedoraproject.org
Sent: Saturday, February 15, 2014 6:00 AM
To: infrastructure@lists.fedoraproject.org
Subject: infrastructure Digest, Vol 93, Issue 21
Today's Topics:
1. Re: Mailing-List Subscription Capta? (Michael Scherer)
2. Re: Mailing-List Subscription Capta? (Frank Murphy)
3. Re: ask.fp.o potential account hijacking with facebook oauth (Achilleas Pipinellis)
4. Re: February status update for Fedora Infrastructure Apprentices (Dan Mossor)
----------------------------------------------------------------------
Message: 1
Date: Fri, 14 Feb 2014 16:32:26 +0100
From: Michael Scherer misc@zarb.org
To: Fedora Infrastructure infrastructure@lists.fedoraproject.org
Subject: Re: Mailing-List Subscription Capta?
Message-ID: 1392391946.28162.15.camel@liliana.cdg.redhat.com
Content-Type: text/plain; charset="UTF-8"
On Friday 14 February 2014 at 07:46 +0000, Frank Murphy wrote:
> On Thu, 13 Feb 2014 23:38:56 +0100 Michael Scherer misc@zarb.org wrote:
> > What is the issue that would be solved by it ?
> Script subscriptions, time wasting,
while I understand these 2
> trying to find the real person.
I fail to understand this one.
-- Michael Scherer
------------------------------
Message: 2
Date: Fri, 14 Feb 2014 15:39:49 +0000
From: Frank Murphy frankly3d@gmail.com
To: infrastructure@lists.fedoraproject.org
Subject: Re: Mailing-List Subscription Capta?
Message-ID: 20140214153949.6bd0b259@frank01.frankly3d.home
Content-Type: text/plain; charset=US-ASCII
On Fri, 14 Feb 2014 16:32:26 +0100 Michael Scherer misc@zarb.org wrote:
> > trying to find the real person.
> I fail to understand this one.
Person applies to fas using: john@doe.com
applies to ml using: jd@gmail.com
same person, doesn't always even use the same "Real Name" John aka Jonathan aka some other version of it.
but hard to spot with the other stuff, which has to be cleared first, and hope mistake is not made.
___ Regards Frank frankly3d.com
------------------------------
Message: 3
Date: Fri, 14 Feb 2014 17:42:11 +0200
From: Achilleas Pipinellis axilleaspi@ymail.com
To: infrastructure@lists.fedoraproject.org
Subject: Re: ask.fp.o potential account hijacking with facebook oauth
Message-ID: 52FE3953.4020405@ymail.com
Content-Type: text/plain; charset=UTF-8
On 13/02/2014 08:42 PM, Kevin Fenzi wrote:
> On Sun, 09 Feb 2014 21:52:38 +0200 Achilleas Pipinellis axilleaspi@ymail.com wrote:
> > Hello there!
> > I bumped into a recent post that describes the way someone could get access to your account using facebook oauth. According to the vulnerability author:
> > > Every website with "Connect Facebook account and log in with it" is vulnerable to account hijacking.
> > Source: http://homakov.blogspot.gr/2014/01/two-severe-wontfix-vulnerabilities-in.htm...
> > Facebook will not fix this anytime soon. Should we disable facebook login until this gets resolved?
> So, we discussed this some, and it seems like a pretty complex vulnerability. Additionally, ask isn't a particularly sensitive application for us.
> So, we are just going to wait and see right now I think, and if it's used against us, reevaluate.
> Thanks for bringing it up... I sure hope there's a fix at some point.
> kevin
Yeap, I thought so :) I just reported it so that you know it's out there.