[ insider_reports_insider ]
Apache Foundation Hit By Targeted Attack
Doug Caverly
Staff Writer
2010-04-13
 Insider Reports RSS Feed
The Apache Foundation, a nonprofit organization that supports open source software projects and is itself supported by important companies like Google, Yahoo, Microsoft, HP, and Facebook, has been attacked, and the Apache Infrastructure Team warned people today that some passwords were compromised in the process.
 | | Apache Foundation Hit By Targeted Attack |  |
Here's the most important piece of information to get out: the team stated in an incident report, "If you are a user of the Apache hosted JIRA, Bugzilla, or Confluence, a hashed copy of your password has been compromised." Changing passwords immediately is the recommended course of action.
As for what happened, the team provided an impressive amount of information, but we'll just hit the highlights here. Apparently a URL redirect was used in combination with a cross-site scripting attack, and a brute force password attack was conducted at the same time. The attackers then collected some users' passwords, and were able to turn around and access even more systems.
The Apache Infrastructure Team has a good handle on how to address these problems, though, and has indeed already taken several important steps.
By being so forthcoming about what the incident, the team has probably saved a few other organizations from falling victim to similar attacks, too.
About the Author:
Doug is a staff writer for SecurityProNews, InternetFinancialNews, SearchNewz, and WebProNews.
More insider_reports_insider Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
