The cyber break-in was discovered this week, according to a notice sent Tuesday by the Spread Firefox team to registered users of the Web site. The breach was limited to SpreadFirefox.com and did not affect the main Mozilla.org Web site or Mozilla software, according to the e-mailed message.
The server that hosts the Spread Firefox Web site was compromised by attackers who attempted to exploit a security vulnerability in TWiki, according to the notice. TWiki is open-source software for the collaborative authoring of online pages called "wikis".
This is the second time the site has been hacked via a flaw in software used to run the Web site. In July, the marketing site was compromised by attackers who exploited an unpatched security hole in PHP. The Drupal content management system used by the site is written in the PHP scripting language.
After the July attack, Mozilla instituted procedures to ensure that it would not overlook any more security fixes. "Unfortunately, those procedures overlooked the installation of the TWiki software, since it is not used by the main Spread Firefox site," the Spread Firefox team said in its notice.
The Firefox marketing Web site has been taken offline and will be rebuilt from scratch, according to the e-mail. "When the system is rebuilt, all the software will be audited to ensure that security updates will be applied in a timely manner," the team wrote.
The latest attack likely did not expose any user information, according to the e-mail. Still, people should change their password when the site comes back online, the team suggested. Spread Firefox's Web site should be back online circa Oct. 15, according to a notice on the site.
The hack is an additional embarrassment to Mozilla, which has emphasized security as a main selling point for its Firefox Web browser.
Spread Firefox is the online Firefox marketing hub. Mozilla has successfully used the site to mobilize volunteers to popularize the browser through free marketing techniques such as Web site buttons and by collecting money for an ad in The New York Times.

The Hackers have shown that the only way to deter them is to take their power of hacking away from them as discussed at
http://www.newerawisp.blogspot.com/
The time for a browser that creates new roles for clients and servers has come.
It is not only the security that should force this development. It is also the piracy. It keeps the Music Company busy bringing lawsuits against those it suspects of piracy. But Wall Street Journal dated September 28, 2005 reported that these music Companies sued Baidu.com, the Chinese Search Engine because it makes it too easy for the downloading of Music. I've asked these music Companies to send me the names and addresses of these courts, the case numbers, the names and addresses of the defendants and the names and addresses of the lawyers involved so I can make a motion to the effect that the Music Companies can end piracy if they wanted to by financially supporting the development of the browser that will banish the piracy forever.
Before, we heard how it was always "Micro$haft" software that was insecure, buggy, etc.
Then, we get a few reports of Apache and Firefox having flaws, "but they get fixed faster than MS products."
Now, we see the same site (using only open source software) getting hacked for the 2nd time and is down until later this month!
Where are all of the lame open source advocates who claim that the software is inherently more secure? Where are all of the "M$" bashers?
To be honest, I'm sick of all of the open source hype (especially the Firefox hype and how 'secure' it is).
I've stuck with Windows XP and IE (with auto-updates on) and haven't had *one* problem with security.
I'm not saying open source stuff sucks, but it isn't the holy grail that the zealots make it out to be.
I'm sure there will be those that blamed it on the admins (in the same way that MS fans blamed it on admins), but fair is fair: Open Source was hacked because of security *flaws*.
</rant>