Apache.org hit by targeted XSS attack

Dennis L · 2010/04/13

Apache.org hit by targeted XSS attack, passwords compromised.

The long and short of security ... you can try your best, but ultimately "if man maketh, man can breaketh ". As we have advised time and time again in the forums, their is no 100 percent protection. The above breach started as a "social engineered attack" from "server A" witch led them to "server B and beyond ". As with all breaches, we learn and correct our mistakes and the war continues. Unfortunately their are many causalities in these battles. The reasons I backup data and create timely image's of my OS drive ... Security and/or hardware/software failure. All of my passwords are encrypted (3rd party program). For very vital password access, such as banking I use a 20 alpha/numeric password . ... plus I watch my bank account daily.

TonyT · 2010/04/15

This attack would have failed had apache admins not clicked on a link that they thought came from the JIRA software bug tracking system used. This was a social engineering hack.

Moral of the story:
Always investigate seemingly legit links in emai when there's even the slightest hint of doubt as to authenticity.

I guarantee these admins that clicked on the link, for a split second, did have an inkling of doubt but clicked anyway.

Log in or Sign up

Apache.org hit by targeted XSS attack

Dennis L Inactive Alumni Thread Starter

TonyT SuperGeek Staff

Share This Page

Log in or Sign up

Apache.org hit by targeted XSS attack

Dennis L Inactive Alumni Thread Starter

TonyT SuperGeek Staff

Share This Page

Useful Searches