I just got an email from Opscode (the company behind Chef) that their wiki and ticketing system has been compromised, the attacker was able to download the whole database including usernames and passwords.<\/p>\n
The passwords were hashed using PBKDF2 (Password-based Key Derivation Function 2) which is also used in WPA2, and quite effective in slowing down brute-force attacks.<\/p>\n
There are two interesting facts: <\/p>\n
1. This is the third email I got during this summer that describes a security breach which directly affects me<\/p>\n
2. Opscode as far as I remember uses Atlassian’s JIRA for ticketing (and maybe for wiki too). Now if indeed Atlassian is the “third party” in the story “whose software has a vulnerability in it, which allowed attackers to gain access” then this is quite big news!
\nSo JIRA users, watch out, there could be a vulnerability in your beloved ticketing system!<\/p>\n
Here is the full email I received:<\/p>\n
Security Breach What Happened? What information was exposed? Were any of my personal tickets accessed? What about my Hosted Chef data? Does this affect my Hosted Chef accounts? How did you catch the breach? What has been done to prevent this type of unauthorized access? What should I do now? We will provide additional details as they become available. <\/p>\n If you have any questions please contact Opscode at security@opscode.com. Our mailing address is: Add us to your address book<\/p>\n Copyright (C) 2013 Opscode All rights reserved.<\/p>\n Forward this email to a friend I just got an email from Opscode (the company behind Chef) that their wiki and ticketing system has been compromised, the attacker was able to download the whole database including usernames and passwords. The passwords were hashed using PBKDF2 (Password-based Key Derivation Function 2) which is also used in WPA2, and quite effective in slowing […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false},"categories":[3],"tags":[132,100,134,133],"_links":{"self":[{"href":"https:\/\/domonkos.tomcsanyi.net\/index.php?rest_route=\/wp\/v2\/posts\/405"}],"collection":[{"href":"https:\/\/domonkos.tomcsanyi.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/domonkos.tomcsanyi.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/domonkos.tomcsanyi.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/domonkos.tomcsanyi.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=405"}],"version-history":[{"count":2,"href":"https:\/\/domonkos.tomcsanyi.net\/index.php?rest_route=\/wp\/v2\/posts\/405\/revisions"}],"predecessor-version":[{"id":409,"href":"https:\/\/domonkos.tomcsanyi.net\/index.php?rest_route=\/wp\/v2\/posts\/405\/revisions\/409"}],"wp:attachment":[{"href":"https:\/\/domonkos.tomcsanyi.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=405"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/domonkos.tomcsanyi.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=405"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/domonkos.tomcsanyi.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=405"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\nUser information for tickets.opscode.com and wiki.opscode.com compromised.<\/p>\n
\nA vulnerability in the third-party software that runs our Open Source Chef wiki and ticketing system was exploited to gain access to that particular system. While on this system, the attacker gained escalated privileges and downloaded the user database for the wiki and ticketing system.<\/p>\n
\nThe user database that was accessed contained usernames, email addresses, full names, and hashed passwords. We believe these passwords are adequately secure (the software in question uses the PBKDF2 algorithm), but we will be forcing a password change on the ticketing and wiki systems. If you use this password on other systems, we suggest choosing a new password on those systems as well.<\/p>\n
\nWe are still investigating this breach; however, there is currently no evidence that any other systems were impacted or that other data was compromised.<\/p>\n
\nThis does not directly impact your Hosted Chef data or accounts. If you use the same username and password, it is recommended that you change this.<\/p>\n
\nOur security monitoring alerted us to the unauthorized access. Upon investigation, we confirmed the unauthorized activity and immediately took steps to terminate the unauthorized access, isolate the affected systems, and secure forensic data.<\/p>\n
\nWe are working with our third party software providers to identify the vulnerability and apply the appropriate patches to the systems.<\/p>\n
\nYou will be asked to change your password the next time you access wiki.opscode.com or tickets.opscode.com. If you use the same credentials at any other site, you should assume that those credentials have been compromised and update them immediately. You may also wish to follow @opscode_status on Twitter for immediate updates.<\/p>\n
\nYou are receiving this email because you have an account in our ticketing system (http:\/\/tickets.opscode.com) or on our wiki (http:\/\/wiki.opscode.com).<\/p>\n
\nOpscode
\n1008 Western Ave
\nSuite 600Seattle, WA 98104<\/p>\n
\nUpdate your profile<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"