
Apache.org hit by targeted XSS attack, passwords compromised


Combining a cross-site scripting (XSS) vulnerability with a TinyURL redirect, hackers successfully broke into the infrastructure for the open-source Apache Foundation in what is being described as a “direct, targeted attack.”

The hackers hit the server hosting the software that Apache.org uses to track issues and requests and stole passwords from all users. The software was hosted on brutus.apache.org, a machine running Ubuntu Linux 8.04 LTS, the group said.

The passwords were stored as SHA-512 hashes on the compromised servers, but Apache said the risk to simple passwords based on dictionary words “is quite high” and urged users to immediately rotate their passwords.




