Apache.org had an incident last week that started as a cross-site scripting attack and ended with the attackers gaining root access to their servers. The full story is worth a read because it's instructive to see how the mistakes compound and how the attackers used each new foothold to reach another, deeper level of the system. It reads like a laundry list of simple security mistakes, but strung together in a real-world scenario they resulted in a serious breach.

And it ends with a great, honest example of the open source philosophy:

We hope our disclosure has been as open as possible and true to the ASF spirit. Hopefully others can learn from our mistakes.

via: aron

Comments

anon 11:36 PM on 13 Apr 2010

All very well, but let's not forget that the attack vector was in a closed-source product.
