Never a boring moment running CRYOLIST

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Never a boring moment running CRYOLIST

Todd Albert
Glaciologists and enthusiasts,

Earlier today, Chris Marsh pointed out that cryolist.org was redirecting to a malicious website whenever it was viewed from a mobile device (we both tried from several Apple iOS devices to confirm this). We spent the day troubleshooting and found that someone had hacked our web files and inserted malicious code.

We have worked hard today to fix the problem and patch the leaks through which the perpetrators managed to hack the site. Everything should be secure again, and more secure than in the past.

To our knowledge, no user information was compromised. Since we only store names and email addresses, the information is not as sensitive as if we had financial information or anything of the sort.

Please let us know ASAP, if you notice any suspicious behavior or activity on the site.

I do not think this was a directed threat. There are many hackers that merely comb the web searching for backdoors or exploits and then do damage just for the sake of earning reputation among their peers. There is no indication that this was an attack directed at the glaciological community.

The only change you should notice is that some of the links have changed. For example, to search or view the archives, you now must go to http://cryolist.org/archives.html (the .html part was added).

Thanks for all you do. I hope no one was affected negatively by this hack.

Best,
Todd

_______________________________________________
You're subscribed to the CRYOLIST mailing list
To change your subscription options, visit http://cryolist.org/member
To send a message to the list, email [hidden email]
For conference-related messages, email
[hidden email]
For posting guidelines, see http://cryolist.org/posting/