Slashdot Mirror


SpreadFirefox Security Breached (again)

Kurt writes "The hugely popular SpreadFirefox project, a Firefox community marketing site, has recently fallen victim to a security breach in their TWiki software. This breach has forced the site to shut down until October 19th. During this time, they will be performing a rebuild of the SpreadFirefox system, to hopefully curb more security breaches."


  1. From Spread Firefox Team by tcort · Score: 0, Redundant

    To: announce@spreadfirefox.com
    From: admin@spreadfirefox.com
    Subject: Spread Firefox Security Notice

    The Spread Firefox Team became aware this week that the server hosting
    Spread Firefox, our community marketing site, has been accessed by
    unknown remote attackers who attempted to exploit a security
    vulnerability in TWiki software installed on the server. The TWiki
    software was disabled as soon as we were aware of the attempts to access
    SpreadFirefox.com. This exploit was limited to SpreadFirefox.com and
    did not affect mozilla.org web sites or Mozilla software.

    We have scanned Spread Firefox servers and at this time do not believe
    any sensitive data was taken, but as a precautionary measure we have
    shut down the site and will be rebuilding the web site from scratch. We
    also recommend that you change your Spread Firefox password and the
    password of any accounts where you use the same password as your Spread
    Firefox account. We will notify you again when the site is back up with
    instructions on how to change your password. (Note: We do use MD5
    hashing on the passwords, but MD5 cannot protect all passwords against
    off-line dictionary style attacks.)

    After Spread Firefox was compromised in July, we instituted procedures
    to ensure that we apply all security fixes to the software running the
    site (Drupal and PHP) as soon as they become available. Unfortunately,
    those procedures overlooked the installation of the TWiki software since
    it is not used by the main Spread Firefox site. When the system is
    rebuilt, all the software will be audited to ensure that security
    updates will be applied in a timely manner. We deeply regret this
    incident and any inconvenience this may have caused you.

    Sincerely,

    Spread Firefox Team
    Mozilla Foundation

  2. Re:Message by mysqlrocks · Score: 1, Redundant

    Cool, thanks. It would have been nice if this had been mentioned in the story.
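
The notice quoted in comment 1 says the stored passwords are MD5-hashed and that this does not hold up against offline dictionary attacks. As an added example (not code from Spread Firefox, Drupal or TWiki), here is one way a rebuild could upgrade such records to a salted, slow hash without knowing the passwords. The unsalted legacy format, the record layout, the function names and the iteration count are all assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune to the server's hardware


def legacy_md5(password: str) -> str:
    # Assumed legacy scheme: one fast, unsalted MD5 (the notice only says "MD5 hashing").
    return hashlib.md5(password.encode()).hexdigest()


def _stretch(secret: bytes, salt: bytes) -> bytes:
    # Salted and deliberately slow, so each offline guess costs ITERATIONS HMAC rounds.
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS)


def _record(scheme: str, secret: bytes) -> str:
    salt = os.urandom(16)  # per-user salt: identical passwords get different records
    return f"{scheme}${salt.hex()}${_stretch(secret, salt).hex()}"


def wrap_legacy(md5_hex: str) -> str:
    # Upgrade a stored MD5 hash during the rebuild, without knowing the password.
    return _record("wrapped", md5_hex.encode())


def hash_new(password: str) -> str:
    return _record("pbkdf2", password.encode())


def verify(password: str, record: str) -> tuple[bool, str]:
    # Returns (ok, record_to_store); a wrapped record is replaced on successful login.
    scheme, salt_hex, digest_hex = record.split("$")
    if scheme == "wrapped":
        secret = legacy_md5(password).encode()
    elif scheme == "pbkdf2":
        secret = password.encode()
    else:
        raise ValueError(f"unknown scheme: {scheme}")
    ok = hmac.compare_digest(_stretch(secret, bytes.fromhex(salt_hex)),
                             bytes.fromhex(digest_hex))
    if ok and scheme == "wrapped":
        return True, hash_new(password)  # drop the MD5 layer once the password is seen
    return ok, record
```

Wrapping protects the database going forward; it does nothing for MD5 hashes that may already have been copied, which is why the notice's advice to change passwords still applies.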