[kde-community] [Infrastructure] Identity account security

Ben Cooksley bcooksley at kde.org
Mon Feb 23 01:44:42 GMT 2015


On Mon, Feb 23, 2015 at 12:58 PM, Ian Wadham <iandw.au at gmail.com> wrote:
> Hi Ben,

Hi Ian,

>
> On 23/02/2015, at 9:13 AM, Ben Cooksley wrote:
>> Due to a series of unfortunate incidents it has become all to clear
>> that unknown parties appear to be getting hold of people's Identity
>> credentials. These are subsequently used by spammers to relay spam
>> messages through postbox.kde.org.
>>
>> As a result sysadmin has now restricted authentication to people who
>> have explicitly requested it. If you need to use postbox.kde.org to
>> send your mail and are now being denied access, please file a sysadmin
>> ticket and we'll add you to the list.
>
> Something weird is happening here.  I have not used postbox.kde.org
> before, but I clicked on the above link out of curiosity.  What I got was a
> page headed as follows:
>
> Apache2 Ubuntu Default Page
> It works!
> This is the default welcome page used to test the correct operation of the Apache2 server after installation on Ubuntu systems. It is based on the equivalent page on Debian…
>
> The weird thing is that I am using Firefox on Apple OS X 10.7.5 (Lion)
> and I have no Apache installed nor running...

This is completely normal. postbox.kde.org is actually a server
hostname, much like silk.kde.org or olios.kde.org.
The page you saw was delivered by our server, and therefore has
nothing to do with your local system :)

By default we usually configure our machine hostnames to return a short quote.
I've now rectified this error.

To use postbox.kde.org, you need to use a mail client, not a web browser.

>
>> Even if you have never used this service, this serves as a timely
>> reminder to please be careful with your Identity credentials. Even
>> those using Linux / FreeBSD / etc can still be compromised by
>> malicious browser addons or applications running in Wine and other
>> emulators. Hostile applications on your mobile device are also a
>> potential vector for this.
>
> Cheers, Ian W.
>

Regards,
Ben



More information about the kde-community mailing list