Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apache Foundation Attacked, Passwords Stolen

Posted by CmdrTaco on Tuesday April 13, 2010 @04:27AM from the yeah-we-meant-to-do-that dept.

Trailrunner7 writes "Combining a cross-site scripting (XSS) vulnerability with a TinyURL redirect, hackers successfully broke into the infrastructure for the open-source Apache Foundation in what is being described as a 'direct, targeted attack.' The hackers hit the server hosting the software that Apache.org uses to track issues and requests and stole passwords from all users. The software was hosted on brutus.apache.org, a machine running Ubuntu Linux 8.04 LTS, the group said."

2 of 214 comments (clear)

Min score:

Reason:

Sort:

Respect by Xacid · 2010-04-13 04:43 · Score: 5, Insightful

Nothing but absolute respect for how Apache is handling this. Were there issues that became apparent as a result of this? Yes. But have they discovered the flaws, acknowledged them, and are looking to close those holes? Yes.
It's a shame more companies can't operate with such...transparency I guess you'd call it. However, consumers respond differently to different types of companies.
I, for one, am proud to see a company take this seriously instead of trying to sweep it under the rug.
Re:Damage contained through one-time passwords. by HogGeek · 2010-04-13 04:43 · Score: 4, Insightful

Hmm, let's see:
Implanting a back door in any one (if not all) of the Apache products, so that when Citibank does an upgrade...
Far fetched, yes. But not out of the realm of possibility...