Sun, 06/08/2014 - 18:00
There has been a security breach on the AAVSO website. Because passwords may have been compromised, we have cleared all user passwords. If you have not done so already, you must reset your password before you can log in.
Please Note:
- If you used your AAVSO web password for any other non-AAVSO account, we strongly advise that you change it there as well.
- The AAVSO International Database has been validated. There has been no loss of data.
- Personal financial information is not stored on any computer or database at the AAVSO, and therefore was in no way exposed.
If you have any questions or concerns we urge you to contact us at aavso@aavso.org or call us during regular business hours (Eastern Time) at 617-354-0484.
I'm sure it has been several long days of hard work to get back on line: thank you HQ staff!
Gary Billings
And it happened at the end of a week where all the staff had spent a large amount of time manning the booth at the AAS meeing downtown. I think all AAVSO members would be proud of the way they represented us at the AAS. Then this happened. I think Doc in particular needs a well earned vacation :).
My understanding is that both Doc and Will worked most of the weekend to bring us back online. Great job and thanks to both of you!!!
Cheers,
Doug
Gret Job Doc & Will!
Thank you, Doc! Now get some sleep!
..george
I used to work in computer sys admin many eons ago, in the good old days of VAX/VMS and Unix. I am sure things are light years more complex nowadays with all the Windows security holes, cloud-based and internet apps, etc.
Thanks for the certainly hard work Doc & Will :)
Mike LMK
Congratulations to everyone involved in getting the AAVSO site back up and running again.
There does apparently remain some problems though. Eddy Muyllaert has asked me to mention here that he is unable to change his password to log-in, as he isn't receiving the e-mail back from AAVSO with further instructions (so he is unable to post here himself). He has apparently sent a few e-mails to individuals asking for help, but no response (maybe they are getting some well earned sleep Eddy :-). If someone at HQ reads this, perhaps they might contact Eddy and give him some advice please.
Gary [PYG]
Yes, thanks to everyone for getting things back up.
I sent an email to compstars@aavso.org. (I was after a sequenc for AO Aqr). It bounced - I presume because things are not entirely fixed yet. Justn letting you know in case it might be helpful.
Cheers
Jonathan
I changed my password on first post-resurrection login. I was forced to use a tricky password... which I seem to have forgotten already, or at least it is not accepted. When I use the "forgot my password" process again, it sends me a link that logs me in, but when I go to "reset my password", a page comes up saying I am not authorized to do so.
8-(
Gary Billings
Thank you for the efficient recovery, and for the security information regarding password exchange.
thumbs UP for the staff involved.
there seems to be problems with the Tools of the aavso, several internal servers errors, and information disclosures of type of operating system.
was there any problem with recent submission of measures of variables?
since they don't appear in the light curve generator?
kind regards
[CJGB] - JAC
Hello,
I'm no longer able to upload sunspot data through SunEntry, I now receive a server communication failure. I do not know if this problem is related to the security breach. I have changed my password and installed latest Java update but this did not help.
Thank you for any assistance in solving this issue.
Raffaello Braga (Milano, Italy)
My son manages a server farm and I know indirectly the amount of work that both Doc and Will had to do to get the system back up. Yes there is still work to be done and system checks to go through, however I have been able to access everything that i need to access. I greatly appreciate their efforts. Thanks guys for all of your hard work
Cheers,
Bob
I had the same problem as Mr. Billings when I tried to get a new password. But I noticed I was signed in after using the link, and I just went to my account page, and entered a new password like I would normally do any old day, and that works now. So if ones emailed link still works, you can try that.
- - Conan
Yes, what Conan reported works for me, too. I.e. going to "my account" and changing the password, rather than using the link from the email re the one-time password.
Thanks!
Gary Billings