Difference between revisions of "Contributors"

From Mahara Wiki

(One intermediate revision by the same user not shown)
Line 67: Line 67:
 
These people have followed the [[Security | responsible disclosure practise after finding security vulnerabilities in the Mahara project infrastructure]].
 
These people have followed the [[Security | responsible disclosure practise after finding security vulnerabilities in the Mahara project infrastructure]].
  
* mahara.org vulnerable to the BEAST SSL/TLS attack
+
The list is in reverse chronological order.
** [http://adamziaja.com Adam Ziaja]
+
 
* A problem in the custom DuckDuckGo search setup on mahara.org
+
===2018===
** [https://twitter.com/secalert David Vieira-Kurz of MajorSeurity]
+
* Not disclosed yet; awaiting reply from the open source project affected - [https://www.linkedin.com/in/nikhil-sahoo-87204b106/ Nikhil Sahoo] and [https://www.linkedin.com/in/ipsita-subhadarshan-sahoo-907b32150/ Ipsita Subhadarshan Sahoo]
* mahara.org servers exposing web server version
+
* Host header attack on wiki.mahara.org - [https://www.linkedin.com/in/thrivikram-gujarathi-independent-web-penetration-tester-53074796 Thrivikram Gujarathi]
** [https://twitter.com/e3amn2l Emanuel Bronshtein]
+
* Password auto-complete enabled - [https://m.facebook.com/kirti.ar Kirtikumar Anandrao Ramchandani]
* Directory listings active on wiki.mahara.org
+
 
** [https://www.facebook.com/proXy.test Parveen Yadav] & Ankit Bharathan
+
===2011-2017===
* mahara.org vulnerable to the CCS SSL/TLS attack (https://www.openssl.org/news/secadv_20140605.txt)
+
* Preloading of HSTS and increasing max age for wiki.mahara.org - [https://m.facebook.com/Mr.Ch4rLi3 Ratnadip Gajbhiye]
** [https://twitter.com/pranavvenkats S. Venkatesh]
+
* DNSSEC and Domain Registry Protection (DRP is not available for .org domains though) - [https://m.facebook.com/kirti.ar Kirtikumar Anandrao Ramchandani]
* SHA-1 intermediate SSL certificates on some *.mahara.org sites
+
* Set Certificate Authority Authorization - [https://www.facebook.com/profile.php?id=100011024580051 Shwetabh Suman]
** [https://www.facebook.com/TnMcH Mohamed Chamli]
+
* Proxy protection to prevent bypassing of X-Frame-Options - [http://Facebook.com/mushrafmustafaofficial Mushraf Mustafa]
* SPF not setup for @mahara.org email
+
* Extend spam protection with DMARC / DKIM - [https://www.facebook.com/sam.patel.9822 Pal Patel]
** [https://www.facebook.com/ashesh1708 Ashesh Kumar]
+
* Strict-Transport-Security header was not set - [https://www.linkedin.com/in/kyawthiha89 Kyaw Thiha]
** [http://www.infobittechnologies.com/ Ketan Patil]
+
* Content spoofing on 404 page - [https://www.facebook.com/T4YM.phtml Taimoor Abid]
* SSL configuration on mahara.org still allowing TLSv1 128 bit RC4-SHA
+
* Some 301 redirects on mahara.org used Host field of HTTP request rather than hard-coded URL; potential for a cache poisoning attack - Vikram Singh Rathore of [https://www.torridnetworks.com/home Torrid Networks Pvt Ltd]
** [https://www.facebook.com/WhiteHatSecuri SaifAllah benMassaoud]
+
* SPF record for mahara.org breaks length limit - [https://twitter.com/rohittourister Rohit Kumar]
* SSL configuration on mahara.org still allowing TLS_RSA_WITH_RC4_128_SHA and TLS_ECDHE_RSA_WITH_RC4_128_SHA
+
* X-XSS-Protection header is not set ([https://bugs.launchpad.net/mahara/+bug/1531987 Bug report to improve security allaround]) - [https://www.facebook.com/WhiteHatSecuri SaifAllah benMassaoud] - [http://fb.com/zeex.zeeshan Zeeshan]
** [http://shawarkhan.com Shawar Khan]
+
* <span id="error-page-phishing">mahara.org printing full requested URL on error pages, which could potentially be part of a very weak phishing attack</span> - [https://twitter.com/Girish0777 Girish Sp]
* <span id="error-page-phishing">mahara.org printing full requested URL on error pages, which could potentially be part of a very weak phishing attack</span>
+
* SSL configuration on mahara.org still allowing TLS_RSA_WITH_RC4_128_SHA and TLS_ECDHE_RSA_WITH_RC4_128_SHA - [http://shawarkhan.com Shawar Khan]
** [https://twitter.com/Girish0777 Girish Sp]
+
* SSL configuration on mahara.org still allowing TLSv1 128 bit RC4-SHA - [https://www.facebook.com/WhiteHatSecuri SaifAllah benMassaoud]
* X-XSS-Protection header is not set ([https://bugs.launchpad.net/mahara/+bug/1531987 Bug report to improve security allaround])
+
* SPF not setup for @mahara.org email - [https://www.facebook.com/ashesh1708 Ashesh Kumar] - [http://www.infobittechnologies.com/ Ketan Patil]
** [https://www.facebook.com/WhiteHatSecuri SaifAllah benMassaoud]
+
* SHA-1 intermediate SSL certificates on some *.mahara.org sites - [https://www.facebook.com/TnMcH Mohamed Chamli]
** [http://fb.com/zeex.zeeshan Zeeshan]
+
* mahara.org vulnerable to the CCS SSL/TLS attack (https://www.openssl.org/news/secadv_20140605.txt) - [https://twitter.com/pranavvenkats S. Venkatesh]
* SPF record for mahara.org breaks length limit
+
* Directory listings active on wiki.mahara.org - [https://www.facebook.com/proXy.test Parveen Yadav] & Ankit Bharathan
** [https://twitter.com/rohittourister Rohit Kumar]
+
* mahara.org servers exposing web server version - [https://twitter.com/e3amn2l Emanuel Bronshtein]
* Some 301 redirects on mahara.org used Host field of HTTP request rather than hard-coded URL; potential for a cache poisoning attack
+
* A problem in the custom DuckDuckGo search setup on mahara.org - [https://twitter.com/secalert David Vieira-Kurz of MajorSeurity]
** Vikram Singh Rathore of [https://www.torridnetworks.com/home Torrid Networks Pvt Ltd]
+
* mahara.org vulnerable to the BEAST SSL/TLS attack - [http://adamziaja.com Adam Ziaja]
* Content spoofing on 404 page
 
** [https://www.facebook.com/T4YM.phtml Taimoor Abid]
 
* Strict-Transport-Security header was not set
 
** [https://www.linkedin.com/in/kyawthiha89 Kyaw Thiha]
 
* Extend spam protection with DMARC / DKIM
 
** [https://www.facebook.com/sam.patel.9822 Pal Patel]
 
* Proxy protection to prevent bypassing of X-Frame-Options
 
** [http://Facebook.com/mushrafmustafaofficial Mushraf Mustafa]
 
* Set Certificate Authority Authorization
 
** [https://www.facebook.com/profile.php?id=100011024580051 Shwetabh Suman]
 
* DNSSEC and Domain Registry Protection (DRP is not available for .org domains though)
 
** [https://m.facebook.com/kirti.ar Kirtikumar Anandrao Ramchandani]
 
* Preloading of HSTS and increasing max age for wiki.mahara.org
 
** [https://m.facebook.com/Mr.Ch4rLi3 Ratnadip Gajbhiye]
 
* Password auto-complete enabled
 
** [https://m.facebook.com/kirti.ar Kirtikumar Anandrao Ramchandani]
 
* Host header attack on wiki.mahara.org
 
** [https://www.linkedin.com/in/thrivikram-gujarathi-independent-web-penetration-tester-53074796 Thrivikram Gujarathi]
 
* Not disclosed yet; awaiting reply from the open source project affected
 
** [https://www.linkedin.com/in/nikhil-sahoo-87204b106/ Nikhil Sahoo] and [https://www.linkedin.com/in/ipsita-subhadarshan-sahoo-907b32150/ Ipsita Subhadarshan Sahoo]
 
  
 
=Organizations=
 
=Organizations=
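
Review bot: The DuckDuckGo search entry in the new 2011-2017 list still credits "David Vieira-Kurz of MajorSeurity", which looks like a misspelling of the organisation name carried over from the old revision; confirm the spelling with the reporter while these lines are being touched. The merged one-line format also joins multiple reporters in three different ways (" - ", "and", "&"), so picking one separator would keep the credits unambiguous. In the unchanged context line, "responsible disclosure practise" should read "practice", since it is used as a noun.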

Revision as of 17:30, 8 June 2018

Mahara is developed by a world-wide team of programmers, translators, designers and enthusiastic amateurs. Many individuals and groups have contributed to Mahara so far.

Core Teams

Community

Security researchers

Mahara code

This is a list of security researchers who have contributed to Mahara itself. These people have followed responsible disclosure practice after finding security vulnerabilities in the Mahara codebase.

Mahara project infrastructure

This second list is of security researchers who have reported security issues with the configuration or version of software used on the infrastructure of the Mahara project, which can include all the websites (mahara.org, wiki.mahara.org, manual.mahara.org, langpacks.mahara.org, reviews.mahara.org, git.mahara.org, test.mahara.org) and the servers that host those websites.

These people have followed responsible disclosure practice after finding security vulnerabilities in the Mahara project infrastructure.

The list is in reverse chronological order.

2018

2011-2017

Organizations

A large part of the development on Mahara would not be possible without the funding from institutions and organizations.

Mahara 18.04

Mahara 17.10

Mahara 17.04

Mahara 16.10

Mahara 16.04

Mahara 15.10

Mahara 15.04

Mahara 15.04 was released on 17 April 2015.

Mahara 1.10

Mahara 1.10 was released on 21 October 2014.

Mahara 1.9

Mahara 1.9 was released on 15 April 2014.

Mahara 1.8

Mahara 1.8 was released on 24 October 2013.

Mahara 1.7

Mahara 1.7 was released on 19 April 2013.

Mahara 1.6

Mahara 1.6 was released on 17 April 2012.

Mahara 1.5

Mahara 1.5 was released on 13 June 2011.

Pre Mahara 1.5

The University of Glasgow have funded several pieces of work for us, including View Templates, part of Import/Export (the HTML export is thanks to them), and various bug fixes.

GLISI / Ray Merrill funded enhancements to Mahara's groups, and Ray has provided much invaluable guidance around Mahara's usability.

With JISC funding we were able to add import/export functionality to the Mahara e-portfolio system, as part of the 1.2 release. This work was sponsored by the University of London Computer Centre, University of Glasgow and JISC Cetis.

A collaborative group in the State of New Hampshire funded the ability to submit Mahara Views for assessment in Moodle, through a grant from the New Hampshire Department of Education.

Cambridge University School of Clinical Medicine sponsored the development of the plugin Problems & Conditions.

The BScE at the University of Luxembourg funded the development of the tag cloud, improvements to the feedback function in the 1.2 and 1.3 releases, and bug fixes for Mac servers.

Birmingham City University funded the initial development work for Collections and Plans (new features in Mahara 1.3). They also supported the development of locking down blog posts and files that are used in submitted views.

Lancaster University Network Services (LUNS Ltd.) was funded by Cumbria and Lancashire Education Online (CLEO) to design several features.

The New Zealand Ministry of Education funded a large number of features and usability changes to Mahara 1.4 and 1.5 that were implemented by Catalyst IT