Apache.org hit by targeted XSS attack, passwords compromised

Combining a cross-site scripting (XSS) vulnerability with a TinyURL redirect, hackers successfully broke into the infrastructure for the open-source Apache Foundation in what is being described as a “direct, targeted attack.”

The hackers hit the server hosting the software that Apache.org uses to track issues and requests and stole passwords from all users. The software was hosted on brutus.apache.org, a machine running Ubuntu Linux 8.04 LTS, the group said.

The passwords on the compromised servers were stored as SHA-512 hashes, but Apache said the risk to simple passwords based on dictionary words “is quite high” and urged users to immediately rotate their passwords.
