Re: [Fwd: Security Breach Alert - CVS Home File Download Are…

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MAlan Dayley at <-
M 
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Alan Dayley
Date:  
To: plug-discuss
Subject: Re: [Fwd: Security Breach Alert - CVS Home File Download Area Compromised]
This is the last of the thread about a possible security breach at
www.cvshome.org.

The current conclusion is that there was and now is no security breach.  The
odd behavior os tagged as some interaction between the server and particular
browsers and mime type handling.  The final message is repeated below for
your information.

Alan

- -------- Original Message --------
Subject: RE: Security Breach Alert - CVS Home File Download Area Compromised
Date: Fri, 28 Jan 2005 15:20:24 -0800
From: Conrad T. Pino <>
To: Info CVS <>, <>,
Bug CVS <>
CC: Kenneth Schwartzman <>,   Philippe Turpault
<>, Brian Noble <>

Hi All,

I just got off the phone with Kenneth Schwartzman of Collab Net.
Kenneth reports the IT Engineering team investigated my report
and found no evidence to support a security breach.

The unexpected download behaviors I reported previously are now
believed to be a consequence of MIME type information supplied
by Apache 2.0 being acted upon differently by various browsers.

Collab Net IT Engineering, Mark Baushke, Larry Jones and I all
support this hypothesis.

Collab Net IT Engineering understands the desirability of having
a download content authentication method in place and will focus
attention on this issue after completing more pressing issues.

I'm closing this topic thread and will continue the issue as
"Binary File Download Authentication" on the "Bug-CVS" list.

I'm sorry for any inconvenience this false alarm may have caused
but a prior recent successful breach made it seem prudent to raise
an alarm even though only incomplete information was available.

Best regards,

Conrad T. Pino



_______________________________________________
Info-cvs mailing list

http://lists.gnu.org/mailman/listinfo/info-cvs
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-Re: Upgrade-ability of Mepis and Ubuntu (for InstallFest)[OT] Yet Another Perl Conference North America 2005 announces call-for-papers->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)