[Infrastructure] Identity account security

Ian Wadham iandw.au at gmail.com
Sun Feb 22 23:58:37 GMT 2015


Hi Ben,

On 23/02/2015, at 9:13 AM, Ben Cooksley wrote:
> Due to a series of unfortunate incidents it has become all to clear
> that unknown parties appear to be getting hold of people's Identity
> credentials. These are subsequently used by spammers to relay spam
> messages through postbox.kde.org.
> 
> As a result sysadmin has now restricted authentication to people who
> have explicitly requested it. If you need to use postbox.kde.org to
> send your mail and are now being denied access, please file a sysadmin
> ticket and we'll add you to the list.

Something weird is happening here.  I have not used postbox.kde.org
before, but I clicked on the above link out of curiosity.  What I got was a
page headed as follows:

Apache2 Ubuntu Default Page
It works!
This is the default welcome page used to test the correct operation of the Apache2 server after installation on Ubuntu systems. It is based on the equivalent page on Debian…

The weird thing is that I am using Firefox on Apple OS X 10.7.5 (Lion)
and I have no Apache installed nor running...

> Even if you have never used this service, this serves as a timely
> reminder to please be careful with your Identity credentials. Even
> those using Linux / FreeBSD / etc can still be compromised by
> malicious browser addons or applications running in Wine and other
> emulators. Hostile applications on your mobile device are also a
> potential vector for this.

Cheers, Ian W.





More information about the kde-core-devel mailing list