On Fri, Jul 5, 2024 at 1:21 PM Wilhelm Spiegl via Freedos-devel <freedos-devel@lists.sourceforge.net> wrote: > > I wonder how someone was able to come in? Bad configured server / not yet > fixed linux bug or bad password? > Have I been pawned? shows interesting results for passwords. >
My impression from managing the wiki when it was on SourceForge, and moving the wiki to wiki.freedos.org, is that Mediawiki was designed to be "everything for everyone." So it has a lot of entry points into the system, which means a pretty wide attack surface for a system everyone on the Internet can talk to. BTW, I also check https://haveibeenpwned.com/ every few months to check for data issues, and you need to be thoughtful about what you find there. For example, they show several "data breaches" for me that weren't "account breaches." Like 'B2B USA Businesses' which aggregates contacts lists for different employers in the US (they sell access to that list to people like recruiters and marketers). My email was in there because they collected it (and that data was leaked during a data breach) but not because I had an account there. And then you have things like the Linux Mint breach, and I set up an account there to ask exactly one question on their board - but I didn't enter any personal data, just email address and "Jim Hall" (any other fields would have been blank or made-up data) so the other stuff in that breach doesn't apply to me. A reminder to be careful about what data you share online. _______________________________________________ Freedos-devel mailing list Freedos-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/freedos-devel
