Trending

Filed under: News | Technology News

 

Drupal Hacking Results Password Resets

Drupal is being hacked. The company has officially announced that unauthorized access is found to be made for user information for Drupal.org and its groups. These accounts are in millions while Drupal yet said that CMS account information is still safe.

May 30 2013, 1:17pm CDT | by

1 Updates
Drupal Hacking Results Password Resets
 
 

YouTube Videos Comments

Full Story

Drupal Hacking Results Password Resets

Drupal Hacking Results Password Resets

Drupal Association Executive Director Holly Ross officially disclosed a statement after initial security audit at their end. It states to undergo certain security measures which are necessary to protect your Drupal.org accounts from mishandling or hacking. The substructure of Drupal was compromised with the installation of third party software. It exposed certain information on Drupal.org website and its subdomain groups.drupal.org. A hacked injection into their system made users vulnerable by exposing the following information;

  • Username
  • Email address
  • Country
  • Password in hash code format. These are stored in PHPass format after multiple hashing techniques. It can be broken with the support of a certain high profile servers with high processing power.

The above mention information can be used to reset password of Drupal.org passwords. And to protect users ED Holly Ross given a detailed press briefing with suggested security checks and measures. This website does not store any sensitive information like address, credit card credential, CVV code.

Holly Ross has recommended for its users to change their .org password. It is a precaution to protect users if somehow hash security is compromised. You need to visit drupal.org site with your credentials. It required email address and username. Ask the server to send a reset password link to your email address. You will receive email in fifteen minutes. Open the email, click on reset URL. It will take you to a URL where you can enter your new password.

Drupal Association has taken the following precautionary steps. But the aforementioned steps are just part of extra measures.

  • Whole server set is scanned with antivirus for any sniffer, virus or other malicious programs. The process is still on as I am writing this article. It will remove any extra junctions to the existing file signatures.
  • The backend server is Apache. Its configurations are modified to restrict access to certain sensitive files and folders.
  • The whole server will now be converted into static content being archived on separate servers just like Google keeps cache. And the websites which are not dynamic will be shifted to static archives too. It will make restoring data and checking modification signatures easy process for security experts.

The security audit is complete on initial stage and yet forensic analysis is pending. There is not proof that core files of Drupal are modified but will soon come to know. The third party software that caused the malicious injection in system is notified and made public about the flaw. Association is not yet clear about the intention or purpose of this act.

 

You Might Also Like

Updates


Sponsored Update


Advertisement


More From the Web

Shopping Deals

 
 
 

<a href="/latest_stories/all/all/20" rel="author">Sumayah Aamir</a>
Sumayah Aamir (Google+) has deep experience in analyzing the latest technology trends.

 

 

Comments

blog comments powered by Disqus

Latest stories

Apple Stock Expected To Grow This Year
Apple Stock Expected To Grow This Year
With new products coming out, growing stock is sure to follow
 
 
Jessie James Decker and Eric Decker have a Good Time
Jessie James Decker and Eric Decker have a Good Time
Jessie James Decker and her hubby Eric Decker have a good time together. Recently Jessie released her EP album and her husband took part in a baby swaddling contest.
 
 
Utah Plane in Iran is a Mystery
Utah Plane in Iran is a Mystery for Bank of Utah
A Utah plane landed in Iran recently which in itself was a shock. But the even bigger mystery is that its very presence in that region is something unknown to the parent company, Bank of Utah.
 
 
Wyatt Earp Revolver Sold for $225,000
Wyatt Earp's Revolver Sold for $225,000
Belongings of Wyatt Earp (mostly guns) were auctioned in Scottsdale, Arizona on April 17th. Wyatt Earp is a legend in Arizona's law history. And one of his guns, a Colt .45-caliber revolver, was sold for $225,000.
 
 
 

The Hottest Photos of Victoria's Secret Fashion Show 2013