Firefox Community Site Hacked
Ryan Paul writes "The Mozilla Foundation reveals that remote attackers infiltrated the SpreadFirefox server by exploiting a site vulnerability. While it appears as though no personal information was accessed, e-mails were sent to inform all registered SpreadFirefox users of the breach. Ars Technica has the complete story." From the Ars article: "Preliminary analysis indicates that the exploit was limited to SpreadFirefox exclusively, meaning that other Mozilla Foundation web sites were not attacked or compromised. The vulnerability, which was exploited by 'unknown remote attackers,' could potentially have enabled the forces of computing darkness to obtain the username and password of every registered SpreadFirefox user, as well as any other optional information that users may have provided, including: real name, web site URL, e-mail address, IM screename, and home address."
Why would you ever give all that personal info to a random website? Even if you're a big Firefox advocate, what possible value does it add to the project to provide them with your home address? At best, you're going to get spammed. at worst, you get your identity stolen. duh.
I want to delete my account but Slashdot doesn't allow it.
Firefox, I'd like to introduce you to "wide-spread" usage.
Wide spread usage, this is firefox.
(sarcastic comment overload)
I hope that they use some of that $10,000 in donations that they received to patch any additional security problems.
How is this insightful? It's nothing but an uninformed troll...
Drupal's staff has already stated that it is using *all* of the money donated for server and backend stuff as that's what the community expected it to be used for when they donated.
Drupal is just like any other piece of open source software... It has bugs, they are patched, and the notifications of the necessity to patch go out to the end users. It's then up to the end users to patch.
SpreadFirefox knew of the vunerability for 10 days before they were hacked on the 11th day. It's not Drupal's fault that the admins at SpreadFirefox didn't bother to upgrade.
What you are saying is, if I have a door and the lock breaks, it is my fault if I get robbed because I did not change the lock?
Nice way to twist the arguement.
Except that if it was widely publicized that ABC, Inc locks had a fatal flaw in them, but there was a modification to make it secure. But you didn't and somebody exploited that flaw to steal stuff.
Yes you'd bear some responsibility since you're housing OTHER peoples data and not doing everything reasonable to protect that data...and applying patches is plenty reasonable.
People in cars cause accidents....accidents in cars cause people
What you are saying is, if I have a door and the lock breaks, it is my fault if I get robbed because I did not change the lock??
The above poster said nothing of the kind. He did not blame the site for getting hacked, he blamed the administrators for not providing enough security. Let me rewrite your analogy.
Yesterday at the local businessman's meeting, security expert Mr. Smith revealed that the cheap, Walmart brand padlocks in use on many stores can be broken into very easily with a ordinary pen. Mr. Smith said that these locks should be replaced and are even in use on the jewelry store down the street where a number of us have our membership rings being resized... and two weeks later the jewelry store is broken into with a pen but someone happened by and the robbers ran away without stealing much.
Would it or would it not be correct to criticize the store owner for not changing the locks, even after they were shown faulty and after the whole group was told that he was using them?
How do we stop people from hacking websites and causing disturbances?
How do we stop people from robbing jewelry stores? Well we make sure the cops enforce the laws and we put in good locks and a security system. Nothing will ever stop all robberies or all cracks, but that does not mean we should not do our best to make any given store or server a hard target. Nor does it mean we should ignore security warnings.
Assume that the landlord of your apartment building uses ABC, Inc. locks with said flaw, and fails to fix that flaw in a timely manner, despite the fact that the fix is moderately simple and free to implement. You, the tennant, have no ability to apply this change yourself. Now, when the burglars come and exploit that flaw to steal all of your stuff, wouldn't you want to hold the landlord at least partially to blame as well as the burglars?
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
What you are saying is, if I have a door and the lock breaks, it is my fault if I get robbed because I did not change the lock??
The problem is with the criminal who breaks into websites. If I wanted zero security for my website, I should be allowed to have zero security and not have anyone hack in.
Ugh, I am so sick of the never-ending analogies in this friggin place! Try this non-analogous rebuttal on for size:
negligence Audio pronunciation of "negligence" ( P ) Pronunciation Key (ngl-jns) n.
1. The state or quality of being negligent.
2. A negligent act or a failure to act.
3. Law. Failure to exercise the degree of care considered reasonable under the circumstances, resulting in an unintended injury to another party.