Wireshark Wiki Security Incident

January 9, 2013

On July 25, 2012 an intruder gained access to the server that hosts wiki.wireshark.org, blog.wireshark.org, and ask.wireshark.org. This intrusion went undetected until January 8, 2013.

What was affected?

As far as we can tell the only service affected was wiki.wireshark.org. The Wireshark source code repository, bug tracker, mailing lists, and other services reside on other hosts and do not appear to be impacted.

What are you doing?

Wiki.wireshark.org is down and is being rebuilt from scratch. Even though ask.wireshark.org and blog.wireshark.org don't appear to be impacted they were on the same host and are being rebuilt from scratch as well.

We are still conducting an investigation into the full extent of the breach and will update this page with any new information.

What should I do?

Your password on wiki.wireshark.org will be reset. If you used that password anywhere else you should change that password immediately.

Update: January 9, 2013

wiki.wireshark.org is back online. All passwords have been reset.

Update: January 10, 2013

ask.wireshark.org and blog.wireshark.org are back online.

Update: January 11, 2013

As an added precaution all passwords on ask.wireshark.org and blog.wireshark.org have been reset.

More Information

Debian Wiki Security Incident 2012
wiki.python.org Compromised