[guardian-dev] ALERT: matrix.org compromised, change your IRC passwords
Abel Luck
abel at guardianproject.info
Fri Apr 12 06:51:00 EDT 2019
Also remove the signing key:
$ sudo apt-key del "6FEB 6F83 D48B 9354 7E7D FEDE E019 6452 48E8 F4A1"
Hans-Christoph Steiner:
>
> Also, more bad news: it seems they kept their GPG signing key for their
> Debian packages online:
>
> https://github.com/matrix-org/matrix.org/issues/364
>
> You should immediately remove the riot Debian repo since the install
> process of deb packages runs things as root. You can see whether your
> Debian-ish machine has this repo by doing:
>
> $ grep riot.im /etc/apt/sources.list /etc/apt/sources.list.d/*
>
> .hc
>
> Abel Luck:
>> Also folks:
>>
>> If you still have Riot open and it hasn't logged you out yet, you need
>> to export your E2E room keys so you don't lose your chat history.
>>
>> Click your profile icon in the top left
>> Choose settings, then security
>> Click export E2E room keys
>> Create a new secure password you store in your password manager to
>> encrypt the keys with
>> Save them and await for the service to come back so you can import them
>> again
>>
>> ~abel
>> _______________________________________________
>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>> To unsubscribe, email: guardian-dev-unsubscribe at lists.mayfirst.org
>>
>
More information about the guardian-dev
mailing list