Spread Firefox encore attaqué
Par Mozinet, mardi 4 octobre 2005 à 17:01 :: Navigateurs - Sécurité - Mozilla :: #796 ::
Le site de promotion communautaire de Firefox a été vicitime d'une nouvelle faille d'une des applications utilisées pour faire tourner le site. Comme la dernière fois, il est conseillé aux volontaires qui y ont un compte de changer leur mot de passe par mesure de précaution (prière de ne pas coller ici de principe de précaution, le risque est connu). Pas question de le faire tout de suite cependant, le site est encore hors-ligne. Il devrait revenir autour du 15 octobre ou peut-être plus tôt. Restez à l'écoute de MozillaZine pour les nouvelles comme le conseille la page provisoire de SFx.
Le mail reçu par les membres :
The Spread Firefox Team became aware this week that the server hosting
Spread Firefox, our community marketing site, has been accessed by
unknown remote attackers who attempted to exploit a security
vulnerability in TWiki software installed on the server. The TWiki
software was disabled as soon as we were aware of the attempts to access
SpreadFirefox.com. This exploit was limited to SpreadFirefox.com and
did not affect mozilla.org web sites or Mozilla software.
We have scanned Spread Firefox servers and at this time do not believe
any sensitive data was taken, but as a precautionary measure we have
shutdown the site and will be rebuilding the web site from scratch. We
also recommend that you change your Spread Firefox password and the
password of any accounts where you use the same password as your Spread
Firefox account. We will notify you again when the site is back up with
instructions on how to change your password. (Note: We do use MD5
hashing on the passwords, but MD5 cannot protect all passwords against
off-line dictionary style attacks.)
After Spread Firefox was compromised in July, we instituted procedures
to ensure that we apply all security fixes to the software running the
site (Drupal and PHP) as soon as they become available. Unfortunately,
those procedures overlooked the installation of the TWiki software since
it is not used by the main Spread Firefox site. When the system is
rebuilt, all the software will be audited to ensure that security
updates will be applied in a timely manner. We deeply regret this
incident and any inconvenience this may have caused you. Sincerely,
Spread Firefox Team
Mozilla Foundation
Ce billet a été modifié en dernier le 04 October 2005 à 17:02:16.
Commentaires
Aucun commentaire pour le moment.
Ajouter un commentaire
Les commentaires pour ce billet sont fermés.