Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

Alias (5735)

Alias
  (email not shown publicly)
http://ali.as/

Journal of Alias (5735)

Wednesday July 29, 2009
01:15 PM

Please stand by for a mass password reset of PAUSE

[ #39372 ]

I won't post links, but you may have recently heard of PerlMonk's current security situation.

As part of our response to this situation the CPAN admins (or more specifically, Andreas) will at some point in the near future most-likely be doing a partial bulk-reset of PAUSE passwords.

This will not need to be a complete password reset, as there is a method by which we can limit the password reset to any rotten PAUSE accounts infected by the (50,000) rotten PerlMonks accounts. Either with a shared password, or a co-incidentally identical password.

If you'd like to have some control over the situation, I would strongly recommend that if you have both a PerlMonks and PAUSE login you audit the password you were using on PerlMonks and check for any other sites or hosts you may have shared that password with, including PAUSE.

If you update your PAUSE account to a more secure password, you should not get caught in the reset.

Now would also be a good time to update your PAUSE email address if it has gone stale.

Posted with comments off, for obvious reasons. Now go check your security.