[kde-community] [Infrastructure] Identity account security
bcooksley at kde.org
Mon Feb 23 01:44:42 UTC 2015
On Mon, Feb 23, 2015 at 12:58 PM, Ian Wadham <iandw.au at gmail.com> wrote:
> Hi Ben,
> On 23/02/2015, at 9:13 AM, Ben Cooksley wrote:
>> Due to a series of unfortunate incidents it has become all to clear
>> that unknown parties appear to be getting hold of people's Identity
>> credentials. These are subsequently used by spammers to relay spam
>> messages through postbox.kde.org.
>> As a result sysadmin has now restricted authentication to people who
>> have explicitly requested it. If you need to use postbox.kde.org to
>> send your mail and are now being denied access, please file a sysadmin
>> ticket and we'll add you to the list.
> Something weird is happening here. I have not used postbox.kde.org
> before, but I clicked on the above link out of curiosity. What I got was a
> page headed as follows:
> Apache2 Ubuntu Default Page
> It works!
> This is the default welcome page used to test the correct operation of the Apache2 server after installation on Ubuntu systems. It is based on the equivalent page on Debian…
> The weird thing is that I am using Firefox on Apple OS X 10.7.5 (Lion)
> and I have no Apache installed nor running...
This is completely normal. postbox.kde.org is actually a server
hostname, much like silk.kde.org or olios.kde.org.
The page you saw was delivered by our server, and therefore has
nothing to do with your local system :)
By default we usually configure our machine hostnames to return a short quote.
I've now rectified this error.
To use postbox.kde.org, you need to use a mail client, not a web browser.
>> Even if you have never used this service, this serves as a timely
>> reminder to please be careful with your Identity credentials. Even
>> those using Linux / FreeBSD / etc can still be compromised by
>> malicious browser addons or applications running in Wine and other
>> emulators. Hostile applications on your mobile device are also a
>> potential vector for this.
> Cheers, Ian W.
More information about the kde-community