:: Re: [unSYSTEM] Unsystem Servers Cer…
Top Page
Delete this message
Reply to this message
Author: Drak
Date:  
To: System undo crew
Subject: Re: [unSYSTEM] Unsystem Servers Certificate Update
Remember to flush the session table once since all rememberme sessions must
re-auth because session cookies could have been stolen.


On 12 April 2014 11:26, caedes <caedes@???> wrote:

> Hi!
>
> As the sslbleed bug requires changing we have done it already (we let a
> couple days pass to let the situation settle down a bit).
>
> You can check the new fingerprints:
> https://wiki.unsystem.net/index.php/UnSYSTEM_SSL_Fingerprints (check gpg
> signatures to know it's the real deal)
>
> All users are advised to change their password *as soon as possible*. We
> don't have many services actually requesting a password, but anyone who
> used the wiki or other ssl protected services has to change their password.
>
> This is not just for unsystem, for other services on the internet remember:
> * They have to change their certificates
> * After changing the certificates they should ask you to change your
> password
>
> If any service fails to do that, you are well recommended to query the
> admins for the situation and don't trust the service to be doing its
> job. Also you *should not* change your passwords before you know the
> certs are changed. This bug probably means the NSA and other nefarious
> entities (and probably others too) have all your passwords and could
> read conversations since 2 years.
>
> We have also created a fund for maintenance for the servers:
>
> https://wiki.unsystem.net/index.php/UnSYSTEM/Funds/Servers
>
> Everyone is welcome to chip in so we share the costs. This fund will be
> used to pay for server costs, expanding and improving the server farm
> and security and if possible some admin work, you have all the info in
> the wiki.
> We already received 1 btc from someone, thx!
>
> Cheers!
>
>
> _______________________________________________
> unSYSTEM mailing list: http://unsystem.net
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/unsystem
>
>