Discussions

News: Security issue on TSS today

  1. Security issue on TSS today (4 messages)

    Site Editor Peter Varhol wants you to know TSS had a security issue today. It was not a hack, but rather a misconfiguration on our part. It exposed an administration console to all users signing in with their account. It is possible that users had certain administrative privileges available for a period of about two hours. When we discovered the problem, we disabled that administrative console. We are currently working to fix the root problem. We have no knowledge at this time that anyone gained administrative access or took any actions if they did. Users accessing this console could only perform a limited number of actions. We are currently examining server logs to determine if anyone did so, and will post an additional message once we find out. Thanks for your patience.

    Threaded Messages (4)

  2. Re: Security issue on TSS today[ Go to top ]

    And you also had/have a problem whereby comments are posted by "" (blank) so nobody knows who posted them (like this "story"). Nice. You do check changes in a dev environment before they go live ... don't you? :-)
  3. Re: Security issue on TSS today[ Go to top ]

    Andy, I originally posted that. It looks like someone in IT went and made a minor edit after I did so. The posting is still substantially the same as the one I made, so it should still retain my name.
  4. missing names[ Go to top ]

    the name is now there. Though it wasn't a while ago. There are still a few posts without a name in other threads but all latest posts have names so I assume the problem has been addressed.
  5. Re: Security issue on TSS today[ Go to top ]

    And you also had/have a problem whereby comments are posted by "" (blank) so nobody knows who posted them (like this "story"). Nice. You do check changes in a dev environment before they go live ... don't you? :-)
    Oh, stop the whining. I doubt if you've ever seriously developed any software beyond a TODO list that you haven't released bugs to production. No matter how good the QA process is, there are still bug release possibilities. Ilya