Archive for April, 2010

eWeek.com informs us that Apache.org was hacked, compromising the passwords of Apache-hosted JIRA, Bugzilla or Confluence users:

By Brian Prince
eWeek.com
2010-04-13

The Apache Software Foundation reports that it was hit earlier in April
by a sophisticated attack that compromised user passwords.

Hackers launched a multistage, targeted attack against the Apache
Software Foundation’s infrastructure April 5 that compromised user
passwords.

According to the foundation, the hackers took advantage of an XSS
(cross-site scripting) vulnerability using a shortened URL to target the
server hosting issue-tracking software for the open-source group’s
projects. The foundation uses a donated instance of Atlassian JIRA to
track issues and requests, and hosted the instance on brutus.apache.org,
running Ubuntu Linux 8.04 LTS.

“If you are a user of the Apache-hosted JIRA, Bugzilla or Confluence, a
hashed copy of your password has been compromised,” the foundation said
in an April 13 statement on the Apache Infrastructure Team blog. “JIRA
and Confluence both use a SHA-512 hash, but without a random salt. We
believe the risk to simple passwords based on dictionary words is quite
high, and most users should rotate their passwords.”
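
The unsalted SHA-512 storage described in the foundation's statement, beside a salted and iterated alternative. This is an added example, not code from the eWeek article or from Apache or Atlassian; the account names, passwords, helper names and the PBKDF2 work factor are constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

PBKDF2_ITERATIONS = 210_000  # assumed work factor; tune for your hardware


def unsalted_sha512(password):
    """Scheme from the statement: plain SHA-512 with no salt."""
    return hashlib.sha512(password.encode("utf-8")).hexdigest()


def shared_digests(table):
    """Audit helper: group accounts whose stored digests are identical.

    Any group here means equal passwords are visible in the table, which
    is only possible when no per-user salt is mixed in.
    """
    groups = defaultdict(list)
    for user, digest in table.items():
        groups[digest].append(user)
    return {d: sorted(u) for d, u in groups.items() if len(u) > 1}


def hash_password(password, salt=None):
    """Hardened form: random 16-byte salt per user plus iterated PBKDF2."""
    salt = os.urandom(16) if salt is None else salt
    derived = hashlib.pbkdf2_hmac(
        "sha512", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, derived


def verify_password(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, derived = hash_password(password, salt)
    return hmac.compare_digest(derived, expected)


# Constructed sample accounts: two users picked the same dictionary word.
ACCOUNTS = {"alice": "sunshine", "bob": "sunshine", "carol": "k7#Vq2!mZp"}


def demo():
    weak = {u: unsalted_sha512(p) for u, p in ACCOUNTS.items()}
    strong = {u: hash_password(p) for u, p in ACCOUNTS.items()}
    return weak, strong


if __name__ == "__main__":
    weak, strong = demo()
    print("accounts sharing an unsalted digest:", list(shared_digests(weak).values()))
    print("salted records differ:", strong["alice"][1] != strong["bob"][1])
```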

You are currently browsing the TechPunk.net blog archives for April, 2010.