TechPunk » Uncategorized http://www.techpunk.net Tech Opinions, Reviews and News - Fighting IT Anarchy Sun, 24 Jul 2011 02:42:47 +0000 en hourly 1 http://wordpress.org/?v=3.3 Hackers Hit Apache.org – Passwords Compromised http://www.techpunk.net/2010/04/14/hackers-hit-apacheorg-passwords-compromised/ http://www.techpunk.net/2010/04/14/hackers-hit-apacheorg-passwords-compromised/#comments Wed, 14 Apr 2010 15:20:42 +0000 TechPunk http://www.techpunk.net/?p=56 Eweek.com informs us that Apache.org was hacked compromising passwords of Apache-hosted JIRA, Bugzilla or Confluence users:

By Brian Prince
eWeek.com
2010-04-13

The Apache Software Foundation reports that it was hit earlier in April
by a sophisticated attack that compromised user passwords.

Hackers launched a multistage, targeted attack against the Apache
Software Foundation’s infrastructure April 5 that compromised user
passwords.

According to the foundation, the hackers took advantage of an XSS
(cross-site scripting) vulnerability using a shortened URL to target the
server hosting issue-tracking software for the open-source group’s
projects. The foundation uses a donated instance of Atlassian JIRA to
track issues and requests, and hosted the instance on brutus.apache.org,
running Ubuntu Linux 8.04 LTS.

“If you are a user of the Apache-hosted JIRA, Bugzilla or Confluence, a
hashed copy of your password has been compromised,” the foundation said
in an April 13 statement on the Apache Infrastructure Team blog. “JIRA
and Confluence both use a SHA-512 hash, but without a random salt. We
believe the risk to simple passwords based on dictionary words is quite
high, and most users should rotate their passwords.”

By Brian Prince
eWeek.com
2010-04-13

The Apache Software Foundation reports that it was hit earlier in April
by a sophisticated attack that compromised user passwords.

Hackers launched a multistage, targeted attack against the Apache
Software Foundation’s infrastructure April 5 that compromised user
passwords.

According to the foundation, the hackers took advantage of an XSS
(cross-site scripting) vulnerability using a shortened URL to target the
server hosting issue-tracking software for the open-source group’s
projects. The foundation uses a donated instance of Atlassian JIRA to
track issues and requests, and hosted the instance on brutus.apache.org,
running Ubuntu Linux 8.04 LTS.

“If you are a user of the Apache-hosted JIRA, Bugzilla or Confluence, a
hashed copy of your password has been compromised,” the foundation said
in an April 13 statement on the Apache Infrastructure Team blog. “JIRA
and Confluence both use a SHA-512 hash, but without a random salt. We
believe the risk to simple passwords based on dictionary words is quite
high, and most users should rotate their passwords.”

]]> http://www.techpunk.net/2010/04/14/hackers-hit-apacheorg-passwords-compromised/feed/ 1 Coming Soon http://www.techpunk.net/2009/12/19/hello-world/ http://www.techpunk.net/2009/12/19/hello-world/#comments Sat, 19 Dec 2009 02:10:47 +0000 admin http://www.a-band.com/techpunk/?p=1 This site is currently under construction.

techpunk@techpunk.net

]]> http://www.techpunk.net/2009/12/19/hello-world/feed/ 0