Dear SPARTA partners,
It could be relevant to implement the following method called security.txt
in order to provide a channel for reporting vulnerabilities in a
coordinated way, especially for IT security researchers who are not part
of SPARTA.
For instance, we have set up security.txt on our website >
https://www.yeswehack.com/.well-known/security.txt
You will find documentation concerning this method by visiting the
official website > https://securitytxt.org/
Best regards,
nicolas diaz
On 13/03/2019 11:20, ANTIGNAC Thibaud wrote:
>
> Dear SPARTA partners,
>
>
>
> We now consider that issues #1 and #2 mentioned below have also been
> fixed.
>
> Do not hesitate to contact security(a)sparta.eu
> <mailto:security@sparta.eu> for matters related to these issues or,
> more generally, to report any security-related issue.
>
>
>
> Best regards,
>
> --
>
> Thibaud Antignac
>
> CEA List
>
>
>
>
>
> *From: *ANTIGNAC Thibaud <thibaud.antignac(a)cea.fr>
> *Date: *Tuesday 12 March 2019 at 16:36
> *To: *"project.consortium(a)internal.sparta.eu"
> <project.consortium(a)internal.sparta.eu>
> *Cc: *<bodies.security-advisory-board(a)internal.sparta.eu>,
> "bodies.coordination(a)internal.sparta.eu"
> <bodies.coordination(a)internal.sparta.eu>
> *Subject: *Concerning the security issues disclosed on 12 March 2019
>
>
>
> Dear SPARTA partners,
>
>
>
> Thank you to Matthias for having pointed out these three security issues:
>
> * #1 – reported on 2019 02 18, disclosed on 2019 03 12 – HTTP page
> with form for MLs
> * #2 – reported on 2019 02 18, disclosed on 2019 03 12 – Certificate
> for https://server.sparta.eu
> * #3 – reported on 2019 03 12, disclosed on 2019 03 12 – Public
> access to MLs archives
>
>
>
> #3, the most critical one, has been fixed almost immediately. #1 and
> #2 have been addressed and tests are being made to ensure they can
> also be considered as fixed.
>
>
>
> The Project Security Officer of SPARTA (Florent Kirchner, CEA)
> scheduled a Security Advisory Board meeting to discuss this
> incident and improve the procedures and technical measures. Meetings
> with TNK (in charge of the IT infrastructure) and UBON (having
> reported the issues) are also being scheduled to get more information
> about the circumstances. A more complete description of the incident
> will be sent once the whole situation is better understood.
>
>
>
> The Security Advisory Board, composed of the Project Security Officer,
> the Program leaders, the Ethics Committee chair, and the Dissemination
> Committee chair can be contacted
> at bodies.security-advisory-board(a)internal.sparta.eu
> <mailto:bodies.security-advisory-board@internal.sparta.eu> (and security(a)sparta.eu
> <mailto:security@sparta.eu> for external parties).
>
>
>
> Do not hesitate to contact the Security Advisory Board or the
> coordination at bodies.coordination(a)internal.sparta.eu
> <mailto:bodies.coordination@internal.sparta.eu> for matters and
> questions related to this incident. Please be sure we are fully
> committed to its complete resolution.
>
>
>
> Best regards,
>
> --
>
> Thibaud Antignac
>
> CEA List
>
>
--
*YES WE HACK*
Twitter : @YesWeHack <https://twitter.com/yeswehack>
https://yeswehack.com
Twitter perso : @nicoladiaz <https://twitter.com/nicoladiaz>
PGP :: B8E5 208A FB90 3460