Language Selection

English French German Italian Portuguese Spanish

Apache.org hit by targeted XSS attack, passwords compromised

Filed under
Software
Security
Web

Combining a cross-site scripting (XSS) vulnerability with a TinyURL redirect, hackers successfully broke into the infrastructure for the open-source Apache Foundation in what is being described as a “direct, targeted attack.”

The hackers hit the server hosting the software that Apache.org uses to it to track issues and requests and stole passwords from all users. The software was hosted on brutus.apache.org, a machine running Ubuntu Linux 8.04 LTS, the group said.

The passwords were encrypted on the compromised servers (SHA-512 hash) but Apache said the risk to simple passwords based on dictionary words “is quite high” and urged users to immediately rotate their passwords.

More here and here




More in Tux Machines

Phoronix on Graphics

Leftovers: Software

Emulation or WINE

Fedora: The Latest

  • New "remi-php71" repository
  • PHP on the road to the 7.1.0 release
  • First round of Fedora 24 Updated Lives now available. (torrents expected later this week)
    As noted by my colleague on his blog the first round of F24 Updated Lives are now available and carry the date 20160720, Also as mentioned last week on his blog F23 Respins are not going to be actively made, however we and the rest of the volunteer team will field off-off requests as time and resources permit. We are considering a new/second tracker for the Updated Spins but as of today there are only .ISO files available at https://alt.fedoraproject.org/pub/alt/live-respins [shortlink] F24 Live-Respins . The F24 respins carry the 4.6.4-200 Kernel and roughly ~500M of updates since the Gold ISOs were released just 5 weeks ago. (some ISOs have more updates, some less)