Firefox advocacy site hacked again!
Results 1 to 5 of 5

Thread: Firefox advocacy site hacked again!

  1. #1
    In And Above Man Black Cluster's Avatar
    Join Date
    Feb 2005
    Posts
    912

    Firefox advocacy site hacked again!

    It's the second time in three months Spreadfirefox.com has been attacked

    For the second time in three months, a security breach has shut down the marketing Web site used to promote the Firefox browser. Late yesterday, members of the Spread Firefox community were notified that the Spreadfirefox.com site had been hit by attackers looking to exploit a bug in the TWiki collaboration software, which was running on the server.
    The Mozilla Foundation does not believe that any sensitive information was compromised in the attack, but it is encouraging the approximately 100,000 Spread Firefox members to reset their passwords. "With these things, it's hard to determine the exact nature of what happened," said Mike Schroepfer, director of engineering at the foundation's Mozilla Corp. subsidiary. "We don't believe that people were successful in getting any of that personal or sensitive information, but we're erring on the side of caution."

    Spread Firefox is best known as the organization that raised more than $200,000 to run a two-page Firefox ad in The New York Times last year.

    In July, attackers were able to gain access to the Spread Firefox server, apparently for the purpose of sending spam. That attack compromised information such as member e-mail addresses, instant messaging names, street addresses and birthdays.

    After that attack, the Mozilla Foundation changed procedures to be sure that security fixes were applied to the Spread Firefox server software, but administrators overlooked the TWiki application, which was no longer being used, Schroepfer said. "This one particular piece of software was an oversight and happened to not get updated," he said.

    The Mozilla team discovered the attack over the weekend, but it appears to have been launched several weeks earlier. "The vulnerability on the TWiki software was announced on the 15th of September," Schroepfer said. "It looked like the first few attempts happened within 12 to 36 hours of those announcements going out."

    Administrators will spend the next few weeks rebuilding Spreadfirefox.com, and the site is expected to be back online around Oct. 15, according to the Mozilla Foundation.

    Once widely considered a more secure alternative to Microsoft's Internet Explorer browser, Firefox has seen its reputation decline of late. Last month, security vendor Symantec Corp. reported that the Firefox browser had more confirmed security vulnerabilities than IE during the first half of 2005.

    Firefox countered that it ended up with a larger number of vulnerabilities -- 25 as opposed to Microsoft's 13 -- because Microsoft tends to roll a number of bugs into one vulnerability report.

    Source
    \"The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts\".....Spaf
    Everytime I learn a new thing, I discover how ignorant I am.- ... Black Cluster

  2. #2
    Senior Member
    Join Date
    Oct 2005
    Posts
    197
    Just another case of the admins being human. Its always something overlooked that gets you burned. The weakest link is always the one that breaks. Ive read many news clippings that with firefox getting so big that the spyware guys are looking to start exploiting firefox the same way they do IE. Probably a little harder but if there's a will there's away. Makes me wonder if there really is some one making a lota of money off spyware.
    meh. -ech0.

  3. #3
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    There absolutely is someone making money, or it (spyware) wouldn't have perpetuated for so long.

    And it is sad to see the human factor being the cause of this breakdown. It brings the big ugly hairy eyeball on Firefox yet again, even though this has nothing directly to do with the application itself.

    And regardless of what !mitationRust would imply, firefox is no more or less inherently secure than many other popular applications, so far as the industry has seen, in regards to spyware and malicious exploits. The effort brought to bear by parties intent on defacing these sites is directly related to the popularity of the application in focus, not the hardiness of the application itself.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  4. #4
    In And Above Man Black Cluster's Avatar
    Join Date
    Feb 2005
    Posts
    912
    Good points Zencoder , popularity always equals vulnerability.
    I totally agree that the application level security has nothing to do with the attach, but apart from the weakness of the human factor and its implications upon the application or the business, there should be always coherent steps to ensure application-level secuirty {Producers} though, am I right?
    \"The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts\".....Spaf
    Everytime I learn a new thing, I discover how ignorant I am.- ... Black Cluster

  5. #5
    Senior Member
    Join Date
    Oct 2005
    Posts
    197
    I would agree. Even if its not the app that got hurt by this attack its still the FireFox name that got dragged threw the mud.
    meh. -ech0.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides