that particular output of uname is the kernel version, IE when it was compiled. uname doesn't output the current date. | [reply] |
Please note: The April 15, 2005 date is the output of a uname command. The list of saints includes users who did not exist in 2005 and/or people who were only added to the Saints list at the end of April, 2009. This is a recent hack.
Best, beth
| [reply] [d/l] |
however the hack ia few month old already : Fri Apr 15
I'm guessing, but from comments in the CB I've gathered that the server that was hacked was an old machine, which is still up but no longer in active use. So the hack might very well be more recent, with only older information being disclosed.
| [reply] [d/l] |
the info might be old but i guess most people don't change their passwords every few months so most of those passwords might be working.
| [reply] |
so most of those passwords might be working
Oh yeah, absolutely. And even if someone has changed their password between Apr. 15th and now they should still change it again now (and probably again after the gods declare the crisis to be over) just to be sure.
I just mentioned this (i.e. the date of the information not necessarily indicating when the hack occurred) to prevent a false sense of security (as in "Oh well, nothing bad has happened since April so I guess it's ok").
| [reply] [d/l] |
It's still out there, now mirrored in several places (not by me, but others). Since PerlMonks is still up and running, some must think there's no risks remaining. In the interest of full disclosure here's the *TEXT ONLY* of the posting:
There is a really simple reason we owned PerlMonks: we couldn't resist more
than 50,000 unencrypted programmer passwords.
That's right, unhashed. Just sitting in the database. From which they save
convenient backups for us.
Believe it or not, there is actually debate at perlmonks about whether or not
this is a good idea. Let's just settle the argument right now and say it was
an idea that children with mental disabilities would be smart enough to scoff
at. We considered patching this for you but we were just too busy and lazy.
I'm sure you can figure it out yourselves.
This isn't a bad set of passwords, either. Programmers have access to
interesting things. These Perl guys are alright, just a little dumb apparently.
A lot of them reuse. You can explore them yourselves, I really do not want to
point out anyone in particular.
...
In case you guys are worried, we did NOT backdoor dozens of your public Perl
projects. Honest. Why would we want to do that?
Not worth our time ;)
| [reply] |