From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=0.2 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED,
	FREEMAIL_FROM,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no
	version=3.4.4
Received: (qmail 24512 invoked from network); 1 Apr 2022 00:03:12 -0000
Received: from 4ess.inri.net (216.126.196.42)
  by inbox.vuxu.org with ESMTPUTF8; 1 Apr 2022 00:03:12 -0000
Received: from mail-4324.protonmail.ch ([185.70.43.24]) by 4ess; Thu Mar 31 19:54:31 -0400 2022
Date: Thu, 31 Mar 2022 23:54:22 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com;
	s=protonmail; t=1648770867;
	bh=DJc8Rd0zuij1YkVdD0Z7h5uzqqJnG4p9diPYfYCx+IM=;
	h=Date:To:From:Reply-To:Subject:Message-ID:In-Reply-To:References:
	 From:To:Cc:Date:Subject:Reply-To:Feedback-ID:Message-ID;
	b=02GFWadDAn8rHit8Bx3ktP0VEK+/6ImFfb0Y0o/EZLL90ZrRJuE5/VkqbXl4MHrea
	 rQ4FJDAcFdojODv/4+YtsDZWikah2X819AHAKeCUoq0fyPqoNhCiP80EW9C7W0fKQp
	 Dkkbf68KNBYJT1ApKQhyG7I+p5TOBFDaw436FabJG3VxJ41liO23X4fE+d+9rLwbl7
	 i0D5l8uYKXk2cpjQhXU/+Qp5hx3m/MS0x09LjpiZAQAuFeAmPpQSzlWPRpWYhBx2pY
	 hr1tevWYCp0251T+3fcWOe5WgjWk0UdZQF4QXMsNWxDBrIIXj3AoO13/3DidSEz0dg
	 FM0D5NOhpCjyQ==
To: 9front@9front.org
From: Avalon Williams <avalonwilliams@protonmail.com>
Message-ID: <ttG_69SucNyNUvtb74BYfFu9f-uw1tTcIcIztINdKUHjLAPNjUh6DVyiOo1cceJjvnNTbDqt_9xCxcPNKG2tsOvdKRpagK5BYQZUI99wT7k=@protonmail.com>
In-Reply-To: <EC93BCF8DB4A22F2A1E6CF0D3FB0C16A@5ess.inri.net>
References: <EC93BCF8DB4A22F2A1E6CF0D3FB0C16A@5ess.inri.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
List-ID: <9front.9front.org>
List-Help: <http://lists.9front.org>
X-Glyph: ➈
X-Bullshit: stateless scripting backend 
Subject: Re: [9front] 4chan hacked rc-httpd
Reply-To: 9front@9front.org
Precedence: bulk

Another note to have with this is just to have better data security, in a m=
odified version of werc I'm using I added a number of security features (th=
ough they were all designed to run on plan9port rather than on 9front itsel=
f and I never bothered porting them or contributing them because they relie=
d on some Linux-specific commands), including a salted password hash storag=
e system (I used sha-256 but was planning on moving it to use argos2 via a =
go utility).

Leaks are always going to happen, its better to make the data harder to acc=
ess after the fact as well as trying to prevent them in the first place.

avnt
------- Original Message -------

On Thursday, March 31st, 2022 at 2:10 PM, <sl@stanleylieber.com> wrote:

> https://boards.4channel.org/g/thread/86286230/plan-99front-is-super-secur=
e
>
> mailing list subscriber lists were leaked. i don't think any other
>
> sensitive data was.
>
> if you have an auth password on one of our servers, change it now,
>
> just for good measure.
>
> sl