Slashdot Mirror


Apache Foundation Attacked, Passwords Stolen

Trailrunner7 writes "Combining a cross-site scripting (XSS) vulnerability with a TinyURL redirect, hackers successfully broke into the infrastructure for the open-source Apache Foundation in what is being described as a 'direct, targeted attack.' The hackers hit the server hosting the software that Apache.org uses to track issues and requests and stole passwords from all users. The software was hosted on brutus.apache.org, a machine running Ubuntu Linux 8.04 LTS, the group said."

3 of 214 comments (clear)

  1. Should'a been running IIS! by Kenja · · Score: 5, Funny

    cause that would have confused the hell out of the attackers.

    --

    "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
  2. Re:lols by lgw · · Score: 4, Funny

    Hey, this is serious! These hackers might have access to the full source code for Apache. Now they can craft specially targeted attacks against most web servers - no longer does Apache have that advantage over the leaked Windows source code. A terrible day for security on the web.

    --
    Socialism: a lie told by totalitarians and believed by fools.
  3. Re:TinyURL Previews by Stradenko · · Score: 4, Funny