According to Brian Curtin at Python Project, Hacker user some unknown remote code exploit on Python Wiki server (http://wiki.python.org/) and was able to get shell access. The shell was restricted to "moin" user permissions, where but no other services were affected. Attacker deleted all files owned by the "moin" user, including all instance data for both the Python and Jython wikis.
Python Software Foundation encourages all wiki users to change their password on other sites if the same one is in use elsewhere. For now, Python Wiki is down and team is investigating more about breach.
Where as in Debian Wiki (http://wiki.debian.org/) security breach, user use some known vulnerabilities Directory traversal (CVE-2012-6080, CVE-2012-6495), Multiple unrestricted file upload vulnerabilities (CVE-2012-6081), Cross-site scripting (XSS) vulnerability (CVE-2012-6082).
Luca from Debian also mention,"We have reset all password hashes and sent individual notification to all Debian wiki account holders with instructions on how to recover their passwords".
In case of Debian, hacker compromise only 'wiki' user and have captured the email addresses and corresponding password hashes of all wiki editors. "The attacker(s) were particularly interested in the password hashes belonging to users of Debian, Intel, Dell, Google, Microsoft, GNU, any .gov and any .edu."
Both servers was compromised in December 2012, but it is not clear yet that same hacker do both hacks or not.
Popular Deals From Our Store
Ethical Hacking Certification Training
Get Professional Ethical Hacking Certifications: CEH, CHFI, CISM, CISA, CISSP Trainings.
96% Off Get this Deal
Computer Hacking Forensic Investigation
Online Hands-on Training with Lifetime Access to Forensic Investigation Certification Classes.
98% Off Get this Deal