Slashdot Mirror

← Back to Stories (view on slashdot.org)

SpreadFirefox Security Breached (again)

Posted by CmdrTaco on from the hate-when-that-happens dept.

Kurt writes "The hugely popular SpreadFirefox project, a Firefox community marketing site, has recently fallen victim to a security breach in their TWiki software. This breach has forced the site to shutdown until October 19th. During this time, they will be performing a rebuild of the SpreadFirefox system, to hopefully curb more security breaches."

1 of 140 comments (clear)

  1. Employee promises from the last incident. by CyricZ · · Score: 0, Flamebait
    The last time this happened I received the following replies to questions concerning the practices of the SpreadFirefox admins:

    http://it.slashdot.org/comments.pl?sid=155997&cid= 13079208
    mykmelez (6506) on Friday July 15, @08:01PM
    (I am a foundation employee, but I am now speaking for myself, not for the foundation.)

    You should trust our competency because we almost always stay up-to-date with the latest security updates to all installed software and because we're revising our security plan and procedures to seal up the cracks that this particular software update fell through.


    and

    http://it.slashdot.org/comments.pl?sid=155997&cid= 13079261
    by mykmelez (6506) on Friday July 15, @08:12PM
    You should trust the foundation's competency because they almost always stay up-to-date with the latest security updates to all installed software and because they are revising their security plan and procedures to make ensure that this lapse in the application of security updates does not recur.


    I was assured by a Mozilla Foundation employee, even if he was speaking for himself and not the foundation, that an incident like this would not happen again.

    Frankly, in the world of computer security and server administration, I'd say two strikes are more than enough. Perhaps it is time to get rid of those who cannot maintain a server properly, and protect the data of many thousands of users.

    Perhaps it's even time for a public inquiry into this matter. We need to know the name of the person(s) who is/are responsible for these numerous lapses. We need accountability. While an open source project does need all the help it can get, it does not need help that leads to the data of so many users being compromised.

    While I am an ardent open source supporter, I will not use Mozilla products until people are held responsible for these mistakes. I will stick to Konqueror and Opera, thank you.

    --
    Cyric Zndovzny at your service.