FYI ________________________________ From: David Smith [mailto:David.Smith@synopsys.com] Sent: Saturday, May 02, 2009 9:41 AM To: Joseph Little; Rich, Dave Cc: Mark Holm; support@eda.org Subject: RE: Mantis system is down and EDA.org has been in maintenance Just to be clear. Mantis is down until this is fixed. The committee's will have to be understanding. We clearly need to implement some handling to watch for things like this. Mark, any ideas what changes we need to implement so that this can be caught much earlier? Regards David David W. Smith Synopsys Scientist Synopsys, Inc. Synopsys Technology Park 2025 NW Cornelius Pass Road Hillsboro, OR 97124 Voice: 503.547.6467 Main: 503.547.6000 Cell: 503.560.5389 FAX: 503.547.6906 Email: david.smith@synopsys.com http://www.synopsys.com Saber Accelerates Robust Design Predictable. Repeatable. Reliable. Proven. From: Joseph Little [mailto:jlittle@ee.stanford.edu] Sent: Friday, May 01, 2009 7:01 PM To: Rich, Dave Cc: Mark Holm; support@eda.org Subject: Re: Mantis system is down and EDA.org has been in maintenance A recurrence of the bot may not go over well with Stanford security. A lot of red flags were raised on why the hole wasn't closed immediately and questions over responsibility. Thus, re-enabling the security hole can have much more far reaching implications. We know the system is now actively targeted, so assume it will be re-botted. On May 1, 2009, at 6:18 PM, Rich, Dave wrote: Any Idea of when you can get to it? Many of the comities have meetings on Monday. If it will be a while before you can get to it, can we turn on the site again and what out for that IRC bot? Dave ________________________________ From: Mark Holm [mailto:markh@infoarch.com] Sent: Friday, May 01, 2009 8:49 AM To: Rich, Dave Subject: RE: Mantis system is down and EDA.org has been in maintenance Let me see what I can do. It will be a bit before I can get to that though. I'll let you know when it's done. markh ________________________________ From: Rich, Dave [mailto:Dave_Rich@mentor.com] Sent: Friday, May 01, 2009 8:36 AM To: Mark Holm; David Smith Cc: support@server.eda.org Subject: RE: Mantis system is down and EDA.org has been in maintenance Hi Mark, Mantis 1.1.0 requires MySQL 4.1.1 or above. We have 4.0.16. Can you upgrade it to 4.1.22? Dave ________________________________ From: Mark Holm [mailto:markh@infoarch.com] Sent: Thursday, April 30, 2009 11:46 PM To: Rich, Dave; David Smith Cc: support@server.eda.org Subject: RE: Mantis system is down and EDA.org has been in maintenance Thanks! markh From: Rich, Dave [mailto:Dave_Rich@mentor.com] Sent: Thursday, April 30, 2009 11:40 PM To: Mark Holm; David Smith Cc: support@server.eda.org Subject: RE: Mantis system is down and EDA.org has been in maintenance OK sound like I need to get right on it.... ________________________________ From: Mark Holm [mailto:markh@infoarch.com] Sent: Thursday, April 30, 2009 11:39 PM To: Mark Holm; Rich, Dave; David Smith Cc: support@server.eda.org Subject: RE: Mantis system is down and EDA.org has been in maintenance OK, that one is now also setup with a holding page. markh From: Mark Holm [mailto:markh@infoarch.com] Sent: Thursday, April 30, 2009 11:34 PM To: Rich, Dave; David Smith Cc: support@server.eda.org Subject: RE: Mantis system is down and EDA.org has been in maintenance Thanks I did not know about the other one. I'll go move it also... markh From: Rich, Dave [mailto:Dave_Rich@mentor.com] Sent: Thursday, April 30, 2009 11:31 PM To: David Smith Cc: support@server.eda.org Subject: RE: Mantis system is down and EDA.org has been in maintenance Yes, I have some time to do the upgrade. BTW, there were 2 identical installations of mantis both pointing to the same SQL data base, one in /pub/mantis and the other in /pub/svdb. You only turned of the one in /mantis. Dave ________________________________ From: David Smith [mailto:David.Smith@synopsys.com] Sent: Thursday, April 30, 2009 4:37 PM To: Rich, Dave Subject: FW: Mantis system is down and EDA.org has been in maintenance Hi Dave, I believe you did the last Mantis update. Are you interested or willing in doing it again? Regards David David W. Smith Synopsys Scientist Synopsys, Inc. Synopsys Technology Park 2025 NW Cornelius Pass Road Hillsboro, OR 97124 Voice: 503.547.6467 Main: 503.547.6000 Cell: 503.560.5389 FAX: 503.547.6906 Email: david.smith@synopsys.com http://www.synopsys.com <http://www.synopsys.com/> Saber Accelerates Robust Design Predictable. Repeatable. Reliable. Proven. From: Mark Holm [mailto:markh@infoarch.com] Sent: Thursday, April 30, 2009 4:35 PM To: group-sysops@eda.org; sysops@eda.org; support@eda.org Subject: Mantis system is down and EDA.org has been in maintenance FYI for everyone. Please let everyone in your groups know the Mantis system was used to hack the server and install an IRC bot. We have isolated the bot and Mantis has turned off while we get it upgraded to the latest version which doesn't have this security hole. I have been in contact with David Smith and he will start working on the upgrade within the next couple of days. If one of you has experience with upgrading Mantis and can help speed up the process, please let us know? Sorry for the delayed announcement, we had another issue with the mailscanner that needed a MySQL repair that also got addressed today. Email should be back up and running again. Let me know if you see any issues in that area. markh ================================================ Mark A. Holm InfoArch, Inc. 2045 SE 70th Ct. MS1 . Office: (503) 943-3202 Hillsboro, OR 97123 Fax: (503) 591-8584 http://www.infoarch.com <http://www.infoarch.com/> <mailto:markh@infoarch.com <mailto:markh@infoarch.com> > -- This message has been scanned for viruses and dangerous content by MailScanner <http://www.mailscanner.info/> , and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner <http://www.mailscanner.info/> , and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner <http://www.mailscanner.info/> , and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner <http://www.mailscanner.info/> , and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner <http://www.mailscanner.info/> , and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.Received on Sat May 2 09:51:21 2009
This archive was generated by hypermail 2.1.8 : Sat May 02 2009 - 09:51:28 PDT