Someone keeps registering and posting articles with links to the “skale.space” domain despite the fact that I keep deleting them, so I thought I should reward them for their effort.
They are some kind of blockchain shop (yeah, shady activities, how uncharacteristic, right?), so I don’t know that my usual note, that you might want to know that if you do business with them, is all that relevant, but there you go.
HTTPS support on blogs.perl.org, announced last month, has now undergone some additional small improvements to prevent the exposure of session cookies in unencrypted requests, which had previously still been theoretically possible.
As such, now is a good time to update your blogs.perl.org password to ensure you are not using credentials which may have previously been passively collected on an open network or the like.
Note: this recommendation is not a response to any known breach of blogs.perl.org. It is a response to the fact that security on blogs.perl.org has finally reached the level necessary to make this precautionary measure useful.
The site is now served over HTTPS.
The blogs.perl.org site will be unavailable for a few hours during the night of February 16th to 17th 2017. The site will stop responding at approximately 21:00 UTC on the 16th, and is expected to be back by 05:00 UTC on the 17th.
The reason for this downtime is that the data centre where the site hardware is hosted is being closed, so our hosting company is transporting all servers in that data centre to a new location.
We apologise for any inconvenience caused.
We regret to announce that blogs.perl.org was recently the subject of a data
breach.
An attacker gained access to the database that runs the site, and was able
to take a copy of all users’ hashed passwords. We’ve therefore cleared all
users’ passwords as a precaution.
If you have an account on the site, you should have received an email
telling you how to reset your password.
If you don’t receive it soon, please let us know.
Even though the passwords were stored in a hashed form, rather than as
plaintext, the blogging software we use (Movable Type) uses a relatively
weak hashing algorithm, so the attacker may be able to determine your old
password.
It is therefore very important that, if you used the same password on any
system other than blogs.perl.org, you change the password you use there,
too.
We apologise sincerely for the inconvenience this has caused our users, and
for failing to live up to the trust that the Perl community has placed in
us.