[guardian-dev] ALERT: matrix.org compromised, change your IRC passwords

Abel Luck abel at guardianproject.info
Fri Apr 12 06:51:00 EDT 2019


Also remove the signing key:

$ sudo apt-key del "6FEB 6F83 D48B 9354 7E7D  FEDE E019 6452 48E8 F4A1"

Hans-Christoph Steiner:
> 
> Also, more bad news: it seems they kept their GPG signing key for their
> Debian packages online:
> 
> https://github.com/matrix-org/matrix.org/issues/364
> 
> You should immediately remove the riot Debian repo since the install
> process of deb packages runs things as root.  You can see whether your
> Debian-ish machine has this repo by doing:
> 
> $ grep riot.im /etc/apt/sources.list /etc/apt/sources.list.d/*
> 
> .hc
> 
> Abel Luck:
>> Also folks:
>>
>> If you still have Riot open and it hasn't logged you out yet, you need
>> to export your E2E room keys so you don't lose your chat history.
>>
>> Click your profile icon in the top left
>> Choose settings, then security
>> Click export E2E room keys
>> Create a new secure password you store in your password manager to
>> encrypt the keys with
>> Save them and await for the service to come back so you can import them
>> again
>>
>> ~abel
>> _______________________________________________
>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>> To unsubscribe, email:  guardian-dev-unsubscribe at lists.mayfirst.org
>>
> 


More information about the guardian-dev mailing list