Slashdot Mirror


SpreadFirefox Security Breached (again)

Kurt writes "The hugely popular SpreadFirefox project, a Firefox community marketing site, has recently fallen victim to a security breach in their TWiki software. This breach has forced the site to shut down until October 19th. During this time, they will be performing a rebuild of the SpreadFirefox system, to hopefully curb more security breaches."

9 of 140 comments

  1. hm by sexyrexy · · Score: 4, Insightful

    OSS isn't inherently any more secure than proprietary software. It's just that the nature of the typical OSS developer vs a corporation means that the OSS organization is more transparent when bad things do happen. It doesn't mean that the security breach didn't already happen, though.

    --

    Rex is 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
    1. Re:hm by ArsenneLupin · · Score: 4, Insightful
      the OSS organization is more transparent when bad things do happen

      That's correct. OSS organizations already warn their public if something might have happened to their website.

      Commercial organizations, on the other hand, don't warn their public. There may even be entire herds of goats trampling all over their website, and the public still isn't warned. Instead they quietly chase away the goats, still without a word of explanation to the public. And then completely forget to mend the fence through which the goats entered!

    2. Re:hm by ajs318 · · Score: 4, Insightful

      OSS is inherently more secure than proprietary software.

      Proprietary software authors do not have to do things "properly", they just kludge things together that may or may not work in every possible weirdy case, and rely on nobody ever seeing what an awful job they made of it in the first place. Witness any open source project that used to be closed-source {Mozilla; OpenOffice.org; Solaris}. Open Source developers have to write code that they would not be ashamed to show to anybody, because they do not know who is going to be looking at it. To quote Larry Wall, "Hubris is the quality that makes you write (and maintain) programs that other people won't want to say bad things about. Hence, the third great virtue of a programmer." They also have to write code in such a way that it won't be obvious from inspecting it how to misuse it.

      Morbid curiosity is what makes people look at source code; and there are significantly more good guys than bad, so if anyone is looking at your source code, the chances are that their intentions are honourable.

      --
      Je fume. Tu fumes. Nous fûmes!
    3. Re:hm by saider · · Score: 2, Insightful

      I have seen a good number of comments in all kinds of projects that can be summed up as...
      // This is ugly, but it works

      Often it is the result of shoddy hardware design or trying to weld pieces of code together that were never designed for it. Sometimes you have to resort to "bad code" to achieve your goals.

      --


      Remember, You are unique...just like everyone else.
    4. Re:hm by Dan Ost · · Score: 2, Insightful

      Ugly code should be tolerated only if it is the only
      alternative to getting the code to work before the deadline.
      And even then, it should only be tolerated if you've tried
      and failed to move the deadline back. And then it should be
      removed as soon as possible.

      Ugly code, left unchecked, spreads like crazy because you
      have to code around it which makes more ugly code that has
      to be coded around.

      Don't write ugly code.

      --

      *sigh* back to work...
  2. Can you imagine... by SocietyoftheFist · · Score: 3, Insightful

    Shutting your corporate website down for 2 weeks?

  3. Re:Not Mozilla software that was hacked by Gaspo · · Score: 3, Insightful

    It's not about the fact that it was a user community, rather than the actual Mozilla.org site that was compromised. From a PR standpoint, the reports will concentrate, I suspect, on the fact that something associated with Mozilla was broken into, and thus will cast the Mozilla Foundation as a whole in a rather negative glow. Hopefully it won't last too long, or perhaps hell will freeze over and accurate reporting will prevail.

  4. Re:Wow, on the heels of the HP/Netscape news... by Shaper_pmp · · Score: 3, Insightful

    Right. Of course.

    Because the guys behind Mozilla/Firefox are clearly the same people as those who write TWiki, right? And the guys who run the Firefox marketing site are clearly exactly the same guys who do the hardcore browser development too.

    I'm all for pointing out when anyone fucks up, regardless of if they're saintly Firefox developers or "t3h evil 0ne5" at Microsoft. Nevertheless, if we're going to start pointing fingers at anyone and scoring cheap points, can we at least make sure it's, y'know... their fault?

    Short-sightedly knee-jerking and implying a marketing-run website crack is in any way a reflection of the security of an entirely separate developer-run product is just as bad as the people you're having a go at that think FL/OSS developers' shit smells of roses.

    --
    Everything in moderation, including moderation itself
  5. Re:The difference between Mozilla and Firefox... by ninja_assault_kitten · · Score: 1, Insightful

    I *LOVE* how Firefox users have changed their tune in recent months. It's no longer "Firefox is more secure than IE!" and has now become "It's now about which is more secure, it's about response times!". :) It makes me smile every time.