Posted on 10/05/2005 5:32:56 AM PDT by Golden Eagle
For the second time in three months, a security breach has shut down the marketing website used to promote the Firefox browser. Late Monday, members of the Spread Firefox community were notified that their Spread Firefox site had been hit by attackers looking to exploit a bug in the TWiki collaboration software, which had been running on the server.
The Mozilla Foundation does not believe that any sensitive information was compromised in the attack, but it is encouraging the approximately 100,000 Spread Firefox members to reset their passwords. "With these things it's hard to determine the exact nature of what happened," said Mike Schroepfer, director of engineering with the Foundation's Mozilla subsidiary.
(Excerpt) Read more at techworld.com ...
Just ask Chevrolet about the Corvair and we are still paying the crusader of that one.
Seems to be a pattern. Other recent vendor/advocate hackings.
http://www.freerepublic.com/focus/f-backroom/1496008/posts
http://www.freerepublic.com/focus/f-bloggers/1446071/posts
http://www.freerepublic.com/focus/f-news/1421954/posts
http://www.freerepublic.com/focus/f-news/1488637/posts
Agreed. But just because a few fanatics hate you, doesn't mean they can hack you. Microsoft is on 90% of the world's computers, but I don't think they've ever been defaced. Of course, some fanatic who hates them will now come accuse me of being their shill, simply for stating the obvious.
As Firefox attracts more of a following they are having more of their security flaws exposed. It lends credence to the argument that Microsoft's popularity is why it gets hacked more often, not because it is inherently more flawed (which is not to say that they don't have plenty of bugs/poorly designed features). Simply put however, the more features a product has, the more opportunity for flaws there is.
I agree with the other poster in regards to open source, the higher the level of transparency the easier it is to find and take advantage of any flaws which might exist.
Thanks! I retract any comments indicating this had never happened to MS sites. Apparently, Korea isn't a safe place to operate a website, as Mozilla Korea has been hacked multiple times as well.
I've contributed fixes to this software. It's a piece of spaghetti Perl crap. www.twiki.org.
Can you show me anything in the article that says anything about Firefox being hacked?
Clearly, the "more eyes creates better security" theory is blown to shreds for the vast number of open source projects.
Clearly, the "more eyes creates better security" theory is blown to shreds for the vast number of open source projects.
A pretty bold claim based on a Perl-based wiki module being hacked. All software has bugs. The debugging process is an ongoing thing. Pretty good proof of the ongoing nature of this process is the fact that even without source code, we still see regular hacks of IE, which is, in today's terms, pretty old and (allegedly) mature code. The open source model doesn't eliminate the possibility of defects, but it does make remediation quicker and more transparent for the most part. Some of us appreciate that.
Um...no, it doesn't.
The article clearly states "...attackers looking to exploit a bug in the TWiki collaboration software..."
So the hack was on the TWiki software...not Firefox.
Clearly, the "more eyes creates better security" theory is blown to shreds for the vast number of open source projects.
Please. Much bigger holes were blown in the "closed source is more secure" argument with the sheer volume of viruses, trojans and worms spewed by Micro$lop's malware.
You guys have to go out of your way to find isolated instances of security breaches. Me, I get hundreds of copies of Microsoft's incompetence in the form of worm-based attacks in my web logs and e-mail viruses in my inbox on a weekly basis.
That's good. 'Cause I also remember when Microsoft was distributing Nimda-infected distro CDs and the microsoft.com site itself was slammed by Nimda in September, 2001.
Do a search on the subject and you'll find a lot of us had to spend an awful lot of time analyzing and cleaning up after Microsoft's mess just one week after 9/11. Thanks a lot, pal.
That's quite an unsupported leap to take from the information posted in the article. Specifically:
"After the July attack, the Mozilla Foundation changed procedures to be sure that security fixes were applied to the Spread Firefox server software, but administrators overlooked the TWiki application, which was no longer being used, Schroepfer said. 'This one particular piece of software was an oversight and happened to not get updated,' he said."
So the crack of the web site in question involved exploiting a known and fixed bug. The patch for which hadn't been applied since the web site wasn't using the software.
Just wait until Linux actually receives a noticeable market share ... the hackers will do the same thing to it.
Don't worry about it, us MS drones have formed a club, we meet every Tuesday. You bring the cookies this week. =)
I remember that. What a fun time that was. We had just gotten a few dozen new PCs and had to go thru each one to kill off the viruses.
I'm not really sure how much the increased marketshare of Firefox is affecting number of defects reported. They get louder press now due to visibility I suppose, but we've been finding stuff since the browser was first released. The code is still fairly new, but I'd say it's become pretty solid overall, at least by my usage. I've been using FF since it was a .2 release. (off and on - some of the early nightlies were horrid.) Relative to other offerings out there, it's not doing too badly as far as features, stability and defects are concerned IMO.