Difference between revisions of "Contributors"

From Mahara Wiki

(33 intermediate revisions by the same user not shown)
Line 20: Line 20:
 
This is a list of security researchers that have contributed to Mahara itself. These people have followed the [[Security | responsible disclosure practise after finding security vulnerabilities in the Mahara codebase]].
 
This is a list of security researchers that have contributed to Mahara itself. These people have followed the [[Security | responsible disclosure practise after finding security vulnerabilities in the Mahara codebase]].
  
* Aaron Barnes - [https://twitter.com/spastk @spastk]
+
* [https://twitter.com/spastk Aaron Barnes]
* Abdullah Hussam Gazi - [https://twitter.com/Abdulahhusam Facebook]
+
* [https://twitter.com/Abdulahhusam Abdullah Hussam Gazi]
* Abhishek Dashora - [https://www.facebook.com/ad271 Facebook]
+
* [https://www.facebook.com/ad271 Abhishek Dashora]
* Ahmad Ashraff - [https://twitter.com/yappare @yappare]
+
* [https://twitter.com/yappare Ahmad Ashraff]
* Ahmed Jerbi - [https://www.facebook.com/ahmed.jerbi.web.plus Facebook]
+
* [https://www.facebook.com/ahmed.jerbi.web.plus Ahmed Jerbi]
* Ajay Singh Negi [http://computersecuritywithethicalhacking.blogspot.in/ personal website] - [https://twitter.com/ajaysinghnegi @ajaysinghnegi]
+
* [http://computersecuritywithethicalhacking.blogspot.in/ Ajay Singh Negi]
* Anurag Srivastava - [https://twitter.com/hexachordanu @hexachordanu]
+
* [https://twitter.com/hexachordanu Anurag Srivastava]
* C Vishnu Vardhan Reddy (Vishnu_dfx) - [https://www.facebook.com/vishnu.dfx Facebook]
+
* [https://www.facebook.com/vishnu.dfx C Vishnu Vardhan Reddy (Vishnu_dfx)]
* chbi - [https://chbi.eu/ personal website]
+
* [https://chbi.eu/ chbi]
 +
* [http://www.codesafe.cn/ 陈瑞琦 (Chen Ruiqi)]
 
* Dushyant Sahu
 
* Dushyant Sahu
* Dylan S. Hailey - [http://www.twitter.com/tibitximer @TibitXimer]
+
* [http://www.twitter.com/tibitximer Dylan S. Hailey]
* Emanuel Bronshtein - [https://twitter.com/e3amn2l @e3amn2l]
+
* [https://twitter.com/e3amn2l Emanuel Bronshtein]
* FaisaL Ahmed - [http://faisalahmed.me/ personal website]
+
* [http://faisalahmed.me/ FaisaL Ahmed]
* Hammad Mahmood - [http://facebook.com/hammad.mahmood.14019 Facebook]
+
* [http://facebook.com/hammad.mahmood.14019 Hammad Mahmood]
* Hamid Ashraf - [https://twitter.com/hamihax @hamihax]
+
* [https://twitter.com/hamihax Hamid Ashraf]
* Himanshu Kumar Das - [https://twitter.com/mehimansu @mehimansu]
+
* [https://twitter.com/mehimansu Himanshu Kumar Das]
* Jaume Llopis Pujal - [https://twitter.com/JKS___ @JKS___]
+
* [https://twitter.com/JKS___ Jaume Llopis Pujal]
* Kamil Sevi - [https://twitter.com/kamilsevi @kamilsevi]
+
* [https://twitter.com/kamilsevi Kamil Sevi]
* Kirtikumar Anandrao Ramchandani - [https://m.facebook.com/kirti.ar Facebook]
+
* [https://m.facebook.com/kirti.ar Kirtikumar Anandrao Ramchandani]
* M.R.Vignesh Kumar - [https://twitter.com/vigneshkumarmr @vigneshkumarmr]
+
* [https://twitter.com/vigneshkumarmr M.R.Vignesh Kumar]
* Mahmut Esat Yildirim - [http://www.mahmutesat.com personal website]
+
* [http://www.mahmutesat.com Mahmut Esat Yildirim]
 
* Mike Haworth
 
* Mike Haworth
* Mushraf Mustafa - [http://Facebook.com/mushrafmustafaofficial Facebook]
+
* [http://Facebook.com/mushrafmustafaofficial Mushraf Mustafa]
* Narendra Bhati (R00t Sh3ll), Web Security Geeks - [https://twitter.com/NarendraBhatiB @NarendraBhatiB]
+
* [https://twitter.com/NarendraBhatiB Narendra Bhati (R00t Sh3ll), Web Security Geeks]
* Nitin Goplani - [https://www.linkedin.com/in/nitingoplani LinkedIn]
+
* [https://www.linkedin.com/in/nitingoplani Nitin Goplani]
* Prashant Negi - [https://twitter.com/prashantnegi_ @prashantnegi_]
+
* [https://twitter.com/prashantnegi_ Prashant Negi]
* Rafay Baloch - [http://rafayhackingarticles.net personal website]
+
* [http://rafayhackingarticles.net Rafay Baloch]
* Roman Mironov - [http://uk.linkedin.com/in/rmironov LinkedIn]
+
* [http://uk.linkedin.com/in/rmironov Roman Mironov]
* SaifAllah benMassaoud - [https://www.facebook.com/WhiteHatSecuri Facebook]
+
* [https://www.facebook.com/WhiteHatSecuri SaifAllah benMassaoud]
* Sajibe Kanti - [https://www.facebook.com/sajibe.kanti Facebook]
+
* [https://www.facebook.com/sajibe.kanti Sajibe Kanti]
* Saurabh Chandrakant Nemade - [https://facebook.com/saurabh.nemade Facebook]
+
* [https://facebook.com/saurabh.nemade Saurabh Chandrakant Nemade]
 
* Sergey Markov
 
* Sergey Markov
* Siddhesh Gawde - [http://www.facebook.com/pen3t3r Facebook]
+
* [http://iosec.in/ Shekhar Suman]
* Tom Forbes - [http://tomforb.es personal website]
+
* [http://www.facebook.com/pen3t3r Siddhesh Gawde]
* Vineet Kumar - [https://twitter.com/the_real_clown Twitter]
+
* [http://tomforb.es Tom Forbes]
* Wan Ikram - [https://twitter.com/rinakikun @rinakikun]
+
* [https://twitter.com/the_real_clown Vineet Kumar]
* Wen-Chang Chien (簡文章) - [https://launchpad.net/~wcchien Launchpad]
+
* [https://twitter.com/rinakikun Wan Ikram]
* Yuji Tounai - [https://twitter.com/yousukezan @yousukezan]
+
* [https://launchpad.net/~wcchien Wen-Chang Chien (簡文章)]
* Zeeshan - [http://fb.com/zeex.zeeshan Facebook]
+
* [https://twitter.com/yousukezan Yuji Tounai]
 +
* [http://fb.com/zeex.zeeshan Zeeshan]
  
 
== Mahara project infrastructure ==
 
== Mahara project infrastructure ==
This second list is of security researchers who have reported security issues with the infrastructure of the Mahara project which can include all the websites (mahara.org, wiki.mahara.org, manual.mahara.org, langpacks.mahara.org, reviews.mahara.org, git.mahara.org, test.mahara.org), the servers that host those websites, and any auxillary tools (such as launchpad for bug tracking, github.com for git hosting).
+
This second list is of security researchers who have reported security issues with the configuration or version of software used on the infrastructure of the Mahara project which can include all the websites (mahara.org, wiki.mahara.org, manual.mahara.org, langpacks.mahara.org, reviews.mahara.org, git.mahara.org, test.mahara.org) and the servers that host those websites.
  
 
These people have followed the [[Security | responsible disclosure practise after finding security vulnerabilities in the Mahara project infrastructure]].
 
These people have followed the [[Security | responsible disclosure practise after finding security vulnerabilities in the Mahara project infrastructure]].
  
* mahara.org vulnerable to the BEAST SSL/TLS attack
+
The list is in reverse chronological order.
** Adam Ziaja (http://adamziaja.com)
+
 
* A problem in the custom DuckDuckGo search setup on mahara.org
+
===2019===
** David Vieira-Kurz of MajorSeurity - [https://twitter.com/secalert @secalert]
+
 
* mahara.org servers exposing web server version
+
* Restrict access to certain files on wiki.mahara.org - [https://www.linkedin.com/in/harsh-joshi-107397160 Harsh Joshi]
** Emanuel Bronshtein - [https://twitter.com/e3amn2l&lang=en @e3amn2l]
+
 
* Directory listings active on wiki.mahara.org
+
===2018===
** Parveen Yadav (https://www.facebook.com/proXy.test) & Ankit Bharathan
+
 
* mahara.org vulnerable to the CCS SSL/TLS attack (https://www.openssl.org/news/secadv_20140605.txt)
+
* Content spoofing on mahara.org - [https://m.facebook.com/Mr.Ch4rLi3 Ratnadip Gajbhiye]
** S. Venkatesh - [https://twitter.com/pranavvenkats @pranavvenkats]
+
* X-Frame-Options HTTP header on wiki.mahara.org not set to "Deny" - [https://m.facebook.com/Mr.Ch4rLi3 Ratnadip Gajbhiye]
* SHA-1 intermediate SSL certificates on some *.mahara.org sites
+
* SSH banner on git.mahara.org contains comment string - [https://m.facebook.com/kirti.ar Kirtikumar Anandrao Ramchandani]
** Mohamed Chamli (https://www.facebook.com/TnMcH)
+
* Not disclosed yet; awaiting reply from the open source project affected - [https://www.linkedin.com/in/nikhil-sahoo-87204b106/ Nikhil Sahoo] and [https://www.linkedin.com/in/ipsita-subhadarshan-sahoo-907b32150/ Ipsita Subhadarshan Sahoo]
* SPF not setup for @mahara.org email
+
* Host header attack on wiki.mahara.org - [https://www.linkedin.com/in/thrivikram-gujarathi-independent-web-penetration-tester-53074796 Thrivikram Gujarathi]
** Ashesh Kumar (https://www.facebook.com/ashesh1708)
+
 
** Ketan Patil (http://www.infobittechnologies.com/)
+
===2011-2017===
* SSL configuration on mahara.org still allowing TLSv1 128 bit RC4-SHA
+
* Preloading of HSTS and increasing max age for wiki.mahara.org - [https://m.facebook.com/Mr.Ch4rLi3 Ratnadip Gajbhiye]
** SaifAllah benMassaoud (https://www.facebook.com/WhiteHatSecuri)
+
* DNSSEC and Domain Registry Protection (DRP is not available for .org domains though) - [https://m.facebook.com/kirti.ar Kirtikumar Anandrao Ramchandani]
* SSL configuration on mahara.org still allowing TLS_RSA_WITH_RC4_128_SHA and TLS_ECDHE_RSA_WITH_RC4_128_SHA
+
* Set Certificate Authority Authorization - [https://www.facebook.com/profile.php?id=100011024580051 Shwetabh Suman]
** Shawar Khan (http://shawarkhan.com)
+
* Proxy protection to prevent bypassing of X-Frame-Options - [http://Facebook.com/mushrafmustafaofficial Mushraf Mustafa]
* <span id="error-page-phishing">mahara.org printing full requested URL on error pages, which could potentially be part of a very weak phishing attack</span>
+
* Extend spam protection with DMARC / DKIM - [https://www.facebook.com/sam.patel.9822 Pal Patel]
** Girish Sp - [https://twitter.com/Girish0777 @Girish0777]
+
* Strict-Transport-Security header was not set - [https://www.linkedin.com/in/kyawthiha89 Kyaw Thiha]
* X-XSS-Protection header is not set ([https://bugs.launchpad.net/mahara/+bug/1531987 Bug report to improve security allaround])
+
* Content spoofing on 404 page - [https://www.facebook.com/T4YM.phtml Taimoor Abid]
** SaifAllah benMassaoud - [https://www.facebook.com/WhiteHatSecuri Facebook]
+
* Some 301 redirects on mahara.org used Host field of HTTP request rather than hard-coded URL; potential for a cache poisoning attack - Vikram Singh Rathore of [https://www.torridnetworks.com/home Torrid Networks Pvt Ltd]
** Zeeshan - [http://fb.com/zeex.zeeshan Facebook]
+
* SPF record for mahara.org breaks length limit - [https://twitter.com/rohittourister Rohit Kumar]
* SPF record for mahara.org breaks length limit
+
* X-XSS-Protection header is not set ([https://bugs.launchpad.net/mahara/+bug/1531987 Bug report to improve security allaround]) - [https://www.facebook.com/WhiteHatSecuri SaifAllah benMassaoud] - [http://fb.com/zeex.zeeshan Zeeshan]
** Rohit Kumar - [https://twitter.com/rohittourister @rohittourister] [https://facebook.com/rohitcoder Facebook] https://www.infooby.com
+
* <span id="error-page-phishing">mahara.org printing full requested URL on error pages, which could potentially be part of a very weak phishing attack</span> - [https://twitter.com/Girish0777 Girish Sp]
* Some 301 redirects on mahara.org used Host field of HTTP request rather than hard-coded URL; potential for a cache poisoning attack
+
* SSL configuration on mahara.org still allowing TLS_RSA_WITH_RC4_128_SHA and TLS_ECDHE_RSA_WITH_RC4_128_SHA - [http://shawarkhan.com Shawar Khan]
** Vikram Singh Rathore of [https://www.torridnetworks.com/home Torrid Networks Pvt Ltd]
+
* SSL configuration on mahara.org still allowing TLSv1 128 bit RC4-SHA - [https://www.facebook.com/WhiteHatSecuri SaifAllah benMassaoud]
* Content spoofing on 404 page
+
* SPF not setup for @mahara.org email - [https://www.facebook.com/ashesh1708 Ashesh Kumar] - [http://www.infobittechnologies.com/ Ketan Patil]
** Taimoor Abid - [https://www.facebook.com/T4YM.phtml Facebook]
+
* SHA-1 intermediate SSL certificates on some *.mahara.org sites - [https://www.facebook.com/TnMcH Mohamed Chamli]
* Strict-Transport-Security header was not set
+
* mahara.org vulnerable to the CCS SSL/TLS attack (https://www.openssl.org/news/secadv_20140605.txt) - [https://twitter.com/pranavvenkats S. Venkatesh]
** Kyaw Thiha - [https://www.linkedin.com/in/kyawthiha89 Linkedin]
+
* Directory listings active on wiki.mahara.org - [https://www.facebook.com/proXy.test Parveen Yadav] & Ankit Bharathan
* Extend spam protection with DMARC / DKIM
+
* mahara.org servers exposing web server version - [https://twitter.com/e3amn2l Emanuel Bronshtein]
** Pal Patel - [https://www.facebook.com/sam.patel.9822 Facebook]
+
* A problem in the custom DuckDuckGo search setup on mahara.org - [https://twitter.com/secalert David Vieira-Kurz of MajorSeurity]
* Proxy protection to prevent bypassing of X-Frame-Options
+
* mahara.org vulnerable to the BEAST SSL/TLS attack - [http://adamziaja.com Adam Ziaja]
** Mushraf Mustafa - [http://Facebook.com/mushrafmustafaofficial Facebook]
 
* Set Certificate Authority Authorization
 
** Shwetabh Suman - [https://www.facebook.com/profile.php?id=100011024580051 Facebook]
 
* DNSSEC and Domain Registry Protection (DRP is not available for .org domains though)
 
** Kirtikumar Anandrao Ramchandani - [https://m.facebook.com/kirti.ar Facebook]
 
  
 
=Organizations=
 
=Organizations=
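Review bot: the rewritten researcher entries keep a single link per person, so secondary references from the old lines are lost. Ajay Singh Negi's entry keeps the personal website but drops the @ajaysinghnegi Twitter link, and Rohit Kumar's "SPF record for mahara.org breaks length limit" entry keeps only the Twitter link and drops the Facebook and infooby.com references. Restore the second link if dropping it was not intended. Two typos are carried over unchanged into the new lines and could be fixed in the same edit: "MajorSeurity" in the DuckDuckGo entry and "allaround" in the X-XSS-Protection bug link text. The 2018 item "Not disclosed yet; awaiting reply from the open source project affected" is a placeholder and needs a follow-up edit once the issue can be described.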
Line 110: Line 107:
 
A large part of the development on Mahara would not be possible without the funding from institutions and organizations.
 
A large part of the development on Mahara would not be possible without the funding from institutions and organizations.
  
== Mahara 18.04 (not yet released) ==
+
== Mahara 19.10 ==
 +
 
 +
* [https://catalyst.net.nz/ Catalyst]
 +
* [https://www.dcu.ie/ Dublin City University]
 +
* [https://learningworks.co.nz/ LearningWorks]
 +
* [https://mitstek.com Mitstek]
 +
* [http://switch.ch/ SWITCH]
 +
* [http://anu.edu.au/ The Australian National University]
 +
* [https://www.uni-bremen.de/ Universität Bremen]
 +
* [http://umontreal.ca Université de Montréal]
 +
* [https://unisa.edu.au University of South Australia]
 +
* [http://sussex.ac.uk University of Sussex]
 +
 
 +
&nbsp;
 +
 
 +
== Mahara 19.04 ==
 +
 
 +
* [http://carleton.ca Carleton University]
 +
* [https://catalyst.net.nz/ Catalyst]
 +
* [http://www.ls-bw.de/,Lde/Startseite Landesinstitut für Schulentwicklung] (State Institute for School Development in Baden-Württemberg, Germany)
 +
* [https://learningworks.co.nz/ LearningWorks]
 +
* [http://povsod.com/ Povsod]
 +
* [https://recordingarts.com/ Recording Arts Canada]
 +
* [http://switch.ch/ SWITCH]
 +
* [http://synergy-learning.com/ Synergy Learning]
 +
* [http://umontreal.ca Université de Montréal]
 +
* [https://www.schule.de/ Verein zur Förderung eines Offenen Deutschen Schul-Netzes]
 +
* [http://www.waitematadhb.govt.nz/ Waitematā District Health Board]
 +
 
 +
&nbsp;
 +
 
 +
== Mahara 18.10 ==
 +
 
 +
* [http://acu.edu.au/ Australian Catholic University]
 +
* [https://catalyst.net.nz/ Catalyst]
 +
* [http://cqu.edu.au/ Central Queensland University]
 +
* [https://www.countiesmanukau.health.nz Counties Manukau District Health Board]
 +
* [https://www.dcu.ie/ Dublin City University]
 +
* [https://methodistnorth.org.nz/east-coast-bays-methodist/ East Coast Bays Methodist Parish]
 +
* [https://enovation.ie/ Enovation]
 +
* [http://www.kpu.ca/ Kwantlen Polytechnic University]
 +
* [http://www.ls-bw.de/,Lde/Startseite Landesinstitut für Schulentwicklung] (State Institute for School Development in Baden-Württemberg, Germany)
 +
* [https://learningworks.co.nz/ LearningWorks]
 +
* [https://www.monashcollege.edu.au/ Monash College]
 +
* [http://phbern.ch/ PHBern]
 +
* [http://povsod.com/ Povsod]
 +
* [https://www.qmul.ac.uk/ Queen Mary University of London]
 +
* [http://switch.ch/ SWITCH]
 +
* [https://www.stcatherinescollege.school.nz/ St. Catherine's College, Wellington]
 +
* [http://synergy-learning.com/ Synergy Learning]
 +
* [https://www.tc.columbia.edu/ Teachers College, Columbia University]
 +
* [http://anu.edu.au/ The Australian National University]
 +
* [https://www.uni-bremen.de/ Universität Bremen]
 +
* [http://unil.ch/ Université de Lausanne]
 +
* [https://www.canberra.edu.au/ University of Canberra]
 +
* [https://usq.edu.au/ University of Southern Queensland]
 +
* [http://www.waitematadhb.govt.nz/ Waitematā District Health Board]
 +
* [https://www.yorksj.ac.uk/ York St John University]
 +
 
 +
&nbsp;
 +
 
 +
== Mahara 18.04 ==
 +
 
 +
* [http://anu.edu.au The Australian National University]
 +
* [http://carleton.ca Carleton University]
 +
* [https://catalyst.net.nz Catalyst]
 +
* [http://cqu.edu.au Central Queensland University]
 +
* [http://www.ls-bw.de/,Lde/Startseite Landesinstitut für Schulentwicklung] (State Institute for School Development in Baden-Württemberg, Germany)
 +
* [http://education.govt.nz New Zealand Ministry of Education]
 +
* [http://pace.edu Pace University]
 +
* [http://phbern.ch PHBern]
 +
* [http://povsod.com/ Povsod]
 +
* [https://www.qmul.ac.uk Queen Mary University of London]
 +
* [http://switch.ch SWITCH]
 +
* [http://synergy-learning.com Synergy Learning]
 +
* [https://www.totaralms.com Totara LMS]
 +
* [http://sussex.ac.uk University of Sussex]
  
* [http://catalyst.net.nz Catalyst]
+
&nbsp;
* [http://phbern.ch PH Bern]
 
  
 
== Mahara 17.10 ==
 
== Mahara 17.10 ==
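Review bot: the new sponsor lists sort and link the same organisations inconsistently across releases. "The Australian National University" is sorted under T in the 19.10 and 18.10 lists but placed first in the 18.04 list, and the same sites appear in different URL forms (https://catalyst.net.nz/ and https://catalyst.net.nz, http://switch.ch/ and http://switch.ch). Pick one sort rule and one URL form per organisation. Several sponsor links are also plain http (switch.ch, anu.edu.au, umontreal.ca, sussex.ac.uk); where those sites serve HTTPS, link to the HTTPS address. The "&nbsp;" lines added as spacers between release sections would be better handled by the wiki's own heading spacing.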

Revision as of 09:21, 1 November 2019

Mahara is developed by a world-wide team of programmers, translators, designers and enthusiastic amateurs. Many individuals and groups have contributed to Mahara so far.

Core Teams

Community

Security researchers

Mahara code

This is a list of security researchers who have contributed to Mahara itself. These people have followed the responsible disclosure practice after finding security vulnerabilities in the Mahara codebase.

Mahara project infrastructure

This second list is of security researchers who have reported security issues with the configuration or version of software used on the infrastructure of the Mahara project, which can include all the websites (mahara.org, wiki.mahara.org, manual.mahara.org, langpacks.mahara.org, reviews.mahara.org, git.mahara.org, test.mahara.org) and the servers that host those websites.

These people have followed the responsible disclosure practice after finding security vulnerabilities in the Mahara project infrastructure.

The list is in reverse chronological order.

2019

  • Restrict access to certain files on wiki.mahara.org - Harsh Joshi

2018

2011-2017

Organizations

A large part of the development on Mahara would not be possible without the funding from institutions and organizations.

Mahara 19.10

 

Mahara 19.04

 

Mahara 18.10

 

Mahara 18.04

 

Mahara 17.10

 

Mahara 17.04

 

Mahara 16.10

 

Mahara 16.04

 

Mahara 15.10

 

Mahara 15.04

Mahara 15.04 was released on 17 April 2015.

 

Mahara 1.10

Mahara 1.10 was released on 21 October 2014.

 

Mahara 1.9

Mahara 1.9 was released on 15 April 2014.

 

Mahara 1.8

Mahara 1.8 was released on 24 October 2013.

 

Mahara 1.7

Mahara 1.7 was released on 19 April 2013.

 

Mahara 1.6

Mahara 1.6 was released on 17 April 2012.

 

Mahara 1.5

Mahara 1.5 was released on 13 June 2011.

 

Pre Mahara 1.5

The University of Glasgow have funded several pieces of work for us, including View Templates, part of Import/Export (the HTML export is thanks to them), and various bug fixes.

GLISI / Ray Merrill funded enhancements to Mahara's groups, and Ray has provided much invaluable guidance around Mahara's usability.

With JISC funding we were able to add import/export functionality to the Mahara e-portfolio system, as part of the 1.2 release. This work was sponsored by the University of London Computer Centre, University of Glasgow and JISC Cetis.

A collaborative group in the State of New Hampshire funded the ability to submit Mahara Views for assessment in Moodle, through a grant from the New Hampshire Department of Education.

Cambridge University School of Clinical Medicine sponsored the development of the plugin Problems & Conditions.

The BScE at the University of Luxembourg funded the development of the tag cloud, improvements to the feedback function in the 1.2 and 1.3 releases, and bug fixes for Mac servers.

Birmingham City University funded the initial development work for Collections and Plans (new features in Mahara 1.3). They also supported the development of locking down blog posts and files that are used in submitted views.

Lancaster University Network Services (LUNS Ltd.) was funded by Cumbria and Lancashire Education Online (CLEO) to design several features.

The New Zealand Ministry of Education funded a large number of features and usability changes to Mahara 1.4 and 1.5 that were implemented by Catalyst IT