Hackers Infiltrate Apache Project, Steal Passwords
Hackers Infiltrate Apache Project, Steal Passwords
Posted 04/15/2010 at 4:24am
| by Paul Lilly
0
Comments
Print
The Apache Software Foundation found itself the victim of a fairly sophisticated online attack, the group announced on their website. Apache described the event as a direct, targeted attack against their infrastructure, and specifically the server hosting their issue-tracking software.
According to Philip Gollucci, vice president of Apache infrastructure, the attack did not compromise the open-source Web server's source code repository, however hackers were able to access a server used to keep track of bugs, as well as obtain low-privilege accounts on another server used to maintain the people.apache.org portal.
"None of the source code was affected in any way," Gollucci said.
The hackers, who so far remain unidentified, broke into Apache's HIRA server on April 6 using a Web programming error known as a cross-site scripting bug. They then used a password-guess attack to steal user passwords up until Apache admins noticed the attack on April 9.
More like this
0
Comments
Comments are closed on this article
Connect with MaximumPC
Featured Content
The gang discusses the GTX 690, Trinity, Ivy Bridge, Amazon, big-box stores, MMOs,...
This month's issue
Feature
Build a PC On Any Budget
Feature
Cloud Services Showdown
How-To
Encrypt Your External Drive
Build It
Upgrade an X58 Rig
Most Commented Articles
Latest Max PC Tweets
- maximumpc: Original RickRoll Video Returns to YouTube After 24-Hour Copyright Hiatus http://t.co/MaH9Sxyy5 hours 59 min ago
- maximumpc: Corsair has decided not to go forward with its $78 million IPO, citing weak equity market conditions http://t.co/A5a4DAzj6 hours 9 min ago
- maximumpc: Want to work at Maximum PC? Our Online Managing Editor, Alex, is moving away, so we need a new one. http://t.co/9Z7JCh0E2 days 3 hours ago
