[CKAN-Security] CKAN security issue

Koebrick, Andrew (MNIT) andrew.koebrick at state.mn.us
Mon Apr 6 19:59:32 UTC 2015


We just had an incident with CKAN last week which might be worth keeping an eye on.  A user from Turkey created an account called "administrator" and filled their profile with propaganda claiming they are the "Cyberizm Digital Security Team".  You can see the content (for the time being) at:
http://labs.geodata.gov.gr/user/administrator

I am going to try to override the CKAN authentication so that only users can see their own profile, and the user list.  You might want to build in some way for sysadmins to turn off public profiles.  You might also want to warn the other vandalized CKAN instances that this content is there.  I see a bunch when I google "ckan Cyberizm Digital Security Team".

Andrew Koebrick  |  MINNESOTA GEOSPATIAL INFORMATION OFFICE
Web Coordinator / Systems administrator / Librarian
MN.IT Services @ CENTRAL
651-201-2465 (w)  |   651-296-6398 (f) |  andrew.koebrick at state.mn.us
658 Cedar St., Room 300, St. Paul, MN 55155, www.mngeo.state.mn.us

Information Technology for Minnesota Government   |   mn.gov/oet
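
One way to implement the override the message describes, as an added example that is not part of the original post or CKAN's own code: a plugin that uses CKAN's `IAuthFunctions` interface to replace the `user_show` and `user_list` auth functions. The plugin class name is hypothetical, and limiting the user list to sysadmins is an assumed reading of the message.

```python
"""Added example: CKAN auth overrides that hide user profiles from other users."""
try:
    import ckan.plugins as plugins      # available only inside a CKAN install
except ImportError:
    plugins = None                      # lets the auth logic run and be tested offline


def user_show(context, data_dict):
    """Allow a profile to be read only by the account it belongs to."""
    me = context.get("auth_user_obj")   # None for an anonymous request
    if me is None:
        return {"success": False, "msg": "Log in to view your profile"}

    data_dict = data_dict or {}
    target = data_dict.get("user_obj")
    ref = data_dict.get("id")
    if target is None and ref:
        # "id" may be a user id or a user name. Resolve it through the model
        # instead of comparing strings, so an account whose *name* equals
        # another account's id cannot slip through.
        target = context["model"].User.get(ref)

    if target is not None and target.id == me.id:
        return {"success": True}
    return {"success": False, "msg": "You may only view your own profile"}


def user_list(context, data_dict):
    """Deny the user list. CKAN skips auth functions for sysadmins,
    so they keep access without any special case here."""
    return {"success": False, "msg": "The user list is restricted to sysadmins"}


if plugins is not None:
    class PrivateProfilesPlugin(plugins.SingletonPlugin):
        """Hypothetical plugin; register an entry point for it and list
        that name under ckan.plugins in the site configuration."""
        plugins.implements(plugins.IAuthFunctions)

        def get_auth_functions(self):
            # Keys are the names of the core auth functions being replaced.
            return {"user_show": user_show, "user_list": user_list}
```

Because neither function is decorated with `auth_allow_anonymous_access`, CKAN 2.2 and later also reject anonymous callers before the functions run.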


