MozTW 討論區 :: 檢視主題 - Spread Firefox 遭受攻擊

The Spread Firefox Team became aware this week that the server hosting
Spread Firefox, our community marketing site, has been accessed by
unknown remote attackers who attempted to exploit a security
vulnerability in TWiki software installed on the server. The TWiki
software was disabled as soon as we were aware of the attempts to access
SpreadFirefox.com. This exploit was limited to SpreadFirefox.com and
did not affect mozilla.org web sites or Mozilla software.

We have scanned Spread Firefox servers and at this time do not believe
any sensitive data was taken, but as a precautionary measure we have
shutdown the site and will be rebuilding the web site from scratch. We
also recommend that you change your Spread Firefox password and the
password of any accounts where you use the same password as your Spread
Firefox account. We will notify you again when the site is back up with
instructions on how to change your password. (Note: We do use MD5
hashing on the passwords, but MD5 cannot protect all passwords against
off-line dictionary style attacks.)

After Spread Firefox was compromised in July, we instituted procedures
to ensure that we apply all security fixes to the software running the
site (Drupal and PHP) as soon as they become available. Unfortunately,
those procedures overlooked the installation of the TWiki software since
it is not used by the main Spread Firefox site. When the system is
rebuilt, all the software will be audited to ensure that security
updates will be applied in a timely manner. We deeply regret this
incident and any inconvenience this may have caused you. Sincerely,

Spread Firefox Team
Mozilla Foundation

Welcome to SpreadFirefox, the official Mozilla site for Spreading Firefox, a modern Internet browser delivering a safer, faster, and better web experience. If you are looking for Firefox, please visit http://www.getfirefox.com , the site for all things Firefox, including the download of its latest version.

SpreadFirefox is currently unavailable. We currently plan to make SpreadFirefox available again around October 15th. Keep checking in because it might be up before expected. We apologize for any inconvenience during this time. We assure you that we do this to provide you with the best service possible. For updates on what is happening, please visit MozillaZine ( http://www.mozillazine.org ).

This shouldn't stop you from Spreading Firefox to the masses, so keep up the good work!

- The SFX Administration Team

發表人:	BestSteve [ 2005-10-04, 21:37 ]
文章主題 :	Spread Firefox 遭受攻擊
admin@spreadfirefox.com 寫: The Spread Firefox Team became aware this week that the server hosting Spread Firefox, our community marketing site, has been accessed by unknown remote attackers who attempted to exploit a security vulnerability in TWiki software installed on the server. The TWiki software was disabled as soon as we were aware of the attempts to access SpreadFirefox.com. This exploit was limited to SpreadFirefox.com and did not affect mozilla.org web sites or Mozilla software. We have scanned Spread Firefox servers and at this time do not believe any sensitive data was taken, but as a precautionary measure we have shutdown the site and will be rebuilding the web site from scratch. We also recommend that you change your Spread Firefox password and the password of any accounts where you use the same password as your Spread Firefox account. We will notify you again when the site is back up with instructions on how to change your password. (Note: We do use MD5 hashing on the passwords, but MD5 cannot protect all passwords against off-line dictionary style attacks.) After Spread Firefox was compromised in July, we instituted procedures to ensure that we apply all security fixes to the software running the site (Drupal and PHP) as soon as they become available. Unfortunately, those procedures overlooked the installation of the TWiki software since it is not used by the main Spread Firefox site. When the system is rebuilt, all the software will be audited to ensure that security updates will be applied in a timely manner. We deeply regret this incident and any inconvenience this may have caused you. Sincerely, Spread Firefox Team Mozilla Foundation http://www.spreadfirefox.com/ 寫: Welcome to SpreadFirefox, the official Mozilla site for Spreading Firefox, a modern Internet browser delivering a safer, faster, and better web experience. If you are looking for Firefox, please visit http://www.getfirefox.com , the site for all things Firefox, including the download of its latest version. SpreadFirefox is currently unavailable. We currently plan to make SpreadFirefox available again around October 15th. Keep checking in because it might be up before expected. We apologize for any inconvenience during this time. We assure you that we do this to provide you with the best service possible. For updates on what is happening, please visit MozillaZine ( http://www.mozillazine.org ). This shouldn't stop you from Spreading Firefox to the masses, so keep up the good work! - The SFX Administration Team 看起來好像是有人從TWiki攻擊SFX，結果SFX緊急關站了:shock:

發表人:	rail02000 [ 2005-10-05, 23:58 ]
文章主題 :
http://taiwan.cnet.com/news/software/0, ... 767,00.htm cent也來了....

發表人:	tszkin [ 2005-10-06, 13:19 ]
文章主題 :
rail02000 寫: http://taiwan.cnet.com/news/software/0,2000064574,20101767,00.htm cent也來了.... 我的郵箱出現了由sfx admin的信 The Spread Firefox Team became aware this week that the server hosting Spread Firefox, our community marketing site, has been accessed by unknown remote attackers who attempted to exploit a security vulnerability in TWiki software installed on the server. The TWiki software was disabled as soon as we were aware of the attempts to access SpreadFirefox.com. This exploit was limited to SpreadFirefox.com and did not affect mozilla.org web sites or Mozilla software. We have scanned Spread Firefox servers and at this time do not believe any sensitive data was taken, but as a precautionary measure we have shutdown the site and will be rebuilding the web site from scratch. We also recommend that you change your Spread Firefox password and the password of any accounts where you use the same password as your Spread Firefox account. We will notify you again when the site is back up with instructions on how to change your password. (Note: We do use MD5 hashing on the passwords, but MD5 cannot protect all passwords against off-line dictionary style attacks.) After Spread Firefox was compromised in July, we instituted procedures to ensure that we apply all security fixes to the software running the site (Drupal and PHP) as soon as they become available. Unfortunately, those procedures overlooked the installation of the TWiki software since it is not used by the main Spread Firefox site. When the system is rebuilt, all the software will be audited to ensure that security updates will be applied in a timely manner. We deeply regret this incident and any inconvenience this may have caused you. Sincerely, Spread Firefox Team Mozilla Foundation

發表人:	三腳貓 Three-leg-cat [ 2005-10-10, 01:59 ]
文章主題 :
是不是趁Firefox下載人次將近一億的時間入手呢？

發表人:	timmimiboy [ 2005-10-24, 01:02 ]
文章主題 :
那可真慘呀

MozTW 討論區 https://forum.moztw.org/

Spread Firefox 遭受攻擊 https://forum.moztw.org/viewtopic.php?f=22&t=10830	第 1 頁 (共 1 頁)

第 1 頁 (共 1 頁)	所有顯示的時間為 UTC + 8 小時
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/