|Ned Batchelder : Blog | Code | Text | Site|
An Apache break in
» Home : Blog : April 2010
Apache.org had an incident last week which started as a cross-site scripting attack and ended with the attackers gaining root access to their servers. The full story is worth a read because it's instructional to see how the mistakes compound and the attackers used each new foothold to gain access to another deeper level in the system. It reads like a laundry list of simple security mistakes, but strung together in a real world scenario that resulted in a serious breach of security.
And it ends with a great honest example of the open source philosophy:
tagged: security / via: aron» 1 reaction