Spread FF got hacked...read on:

[Indestructable]

here's the email I got today, as well some of you may have also:

The Spread Firefox Team became aware this week that the server hosting

Spread Firefox, our community marketing site, has been accessed by

unknown remote attackers who attempted to exploit a security

vulnerability in TWiki software installed on the server.  The TWiki

software was disabled as soon as we were aware of the attempts to access

SpreadFirefox.com.  This exploit was limited to SpreadFirefox.com and

did not affect mozilla.org web sites or Mozilla software.

We have scanned Spread Firefox servers and at this time do not believe

any sensitive data was taken, but as a precautionary measure we have

shutdown the site and will be rebuilding the web site from scratch.  We

also recommend that you change your Spread Firefox password and the

password of any accounts where you use the same password as your Spread

Firefox account.  We will notify you again when the site is back up with

instructions on how to change your password. (Note: We do use MD5

hashing on the passwords, but MD5 cannot protect all passwords against

off-line dictionary style attacks.)

After Spread Firefox was compromised in July, we instituted procedures

to ensure that we apply all security fixes to the software running the

site (Drupal and PHP) as soon as they become available.  Unfortunately,

those procedures overlooked the installation of the TWiki software since

it is not used by the main Spread Firefox site.  When the system is

rebuilt, all the software will be audited to ensure that security

updates will be applied in a timely manner.  We deeply regret this

incident and any inconvenience this may have caused you. Sincerely,

Spread Firefox Team

Mozilla Foundation

Quite interesting that they are rebuilding the entire site. Nice to know that they care about security that much though.

indestructable.

[resopalrabotnick]

prolly just don't want to admit someone deltree'd the server.

[just-]

at least they were not very destructable isnt it indestructable.

hehehe just playing with the words

[EvilNightHawk4]

Ya i had problems with FF to.

[organ_shifter]

Not surprising at all. It's only going to get worse for Mozilla/Firefox.

Their foundation is starting to crumble. 

Hackers are getting in more frequently. 

"Don't play with fire and get burned...browse smart & secure with IE6/7."

[netmasta]

Not surprising at all. It's only going to get worse for Mozilla/Firefox.

Their foundation is starting to crumble. 

Hackers are getting in more frequently. 

"Don't play with fire and get burned...browse smart & secure with IE6/7."

If you read though the message carefully, you'd notice the security breach has nothing to do with Firefox/Mozilla

The Spread Firefox Team became aware this week that the server hosting

Spread Firefox, our community marketing site, has been accessed by

unknown remote attackers who attempted to exploit a security

vulnerability in TWiki software installed on the server.  The TWiki

software was disabled as soon as we were aware of the attempts to

access

SpreadFirefox.com.  This exploit was limited to SpreadFirefox.com and

did not affect mozilla.org web sites or Mozilla software.

[Indestructable]

just- :haha: 

organ-I see your point, but I myself only use FF, and I run spyware software everyday pretty much. My mom uses IE 6, and when I see the report from where the spyware is coming from, it's coming from IE. just my 2 cents, no harm meant. 

netmasta- thanks for the backup man, lol 

[organ_shifter]

If you read though the message carefully, you'd notice the security breach has nothing to do with Firefox/Mozilla

No matter how you slice it, the attempt was a successful shot taken at Firefox and it caused an affiliated (Spread Firefox) server to go down. Unknown attackers gained access.

The target that is worn by FF is getting bigger by the hour. Pretty soon, it'll be so easy to hit that the false security that users think they have will be exposed for what it really is.

as a precautionary measure we have

shutdown the site and will be rebuilding the web site from scratch

How often will they want to do that? LOL

Especially when they start to have attacks coming in from several different angles (all day long). It's going to be tough.

[jsdailey]

I actually like FF and IE and use them both, but FireFox will begin to have the same problems as IE.  The only reason that IE gets as much spyware and viruses is because 810 Million ppl use it.  As firefox grows it will begin to get hacked more as well.  Especially since they will GIVE you the source code to it.  Anyone could just go on the website get the source code and make a FireFox killing virus.  Point is, what ever the majority of ppl use is what will be targeted the most.

[dn0]

I actually like FF and IE and use them both, but FireFox will begin to have the same problems as IE.  The only reason that IE gets as much spyware and viruses is because 810 Million ppl use it.  As firefox grows it will begin to get hacked more as well.  Especially since they will GIVE you the source code to it.  Anyone could just go on the website get the source code and make a FireFox killing virus.  Point is, what ever the majority of ppl use is what will be targeted the most.

Amen.... I am just going back to DOS and BBS's...etc; no more browser

[cak46]

Amen.... I am just going back to DOS and BBS's...etc; no more browser

:haha:  Doesn't sound like sucha bad idea.  I liked the old Gopher sites, downloading uuencoded pics........... with my speedy 2400baud modem.......... :)

I think that the reason FF is not attacked nearly as much is the fact that it IS an open source, free system to begin with.  MS takes great pains on hiding its "SECRETS".  What would offer more allure to a hacker/cracker/code ripper than the need to know said secrets, and exploit them just to show MS that it's FOS when it comes to security for its products.  FF would not be a challenge, given that it is an open source software.  I haven't heard of exploits for the OpenOffice software.  I'm sure there are some, but have not seen anything thus far here or on the net.  I'll look around a bit, but it can't be close to that of the MSOffice Suite.

[Indestructable]

lol, umm may I ask why you would want to hack openoffice? :cool:

[resopalrabotnick]

the reason ms products get hacked more than the competition (be it linux, ff, mac or whatever) is that there are merely more targets out there.

[tdawnaz]

it's all numbers...i'll bet if someone were to do the math...the ratio would turn out pretty close...ie has many more followers...hence more attacks and vulnerabilities...

the answers are always in the numbers...

personally i prefer ff...but i still use ie for some things...about 50% of the time i use it lately tho...i get a message from my av/spyware that an attempt was made to add/chg the reg keys...er sumthin like that...asking if i want to allow it...

it's prob just trying to make it's self my default browser...i dunno...but i block it...

[cak46]

lol, umm may I ask why you would want to hack openoffice? :cool:

Macro viruses, such as msoffice users are accustomed to.  Not necessarily "hacked", but surely attacked...........  You can also look at mail programs, such as Outlook and OE compared to the instances of macro viruses with Netscapes or Pegasus

the reason ms products get hacked more than the competition (be it linux, ff, mac or whatever) is that there are merely more targets out there.

 

Is it this or is it that because the majority of users run MS products, the majority of users may uses the same products and thus are more familiar with the workings of ms products and find it easier than other op sys's, etc. to work with due to that familiarity..... If its just a matter of targets, I would think that most code breakers would just wait for a good code break to come out then just use that one, instead of finding their own.  But, there is no challenge in that.  MS had always touted its security as being very good, and of late (within the last 2 years or so) has only just begun to acknowledge the shortcomings of their products and actually put it at the forefront of the services they provide.  This happened due to public outcry, not ms being proactive.  What would make a better target?.......  Open source or Products touted as secure?

[resopalrabotnick]

the product touted as secure. because such huge projects as an os or an office suite will always have some little chink in it's armour, and the proliferation of a product among most users means that the odds of finding an unpatched installation to poke at are higher than when targeting a product with a higher 'geek' factor, since said geeks are more likely to keep their system up to date. as demonstrated by the 57 or so people using ff having downloaded it 97 million times.

[cak46]

as demonstrated by the 57 or so people using ff having downloaded it 97 million times.

:haha:

I'd agree to a certain degree if you're talking about script kiddies.  If someone doesn't use "the patch", they should expect some script kiddie to break in.  The hackers, breakers, etc. that I'm referring to... the ones that find the breaks, holes, exploits......  the "cutting edge hackers" (for lack of a better term) are the ones that I believe will target a supposedly secure piece of software over an open source, just to show that the producer is FOS.  In my view, script kiddies are wussies, the true, real hackers are the ones that find the abovementioned holes, etc..

Edit:

Here is an article on hacker psychology from TLC http://tlc.discovery.com/convergence/hackers/articles/psych.html

and a discussion with a hacker:  http://www.bemuzed.com/elmorian/philosophy/files/DH_Hacking

Very interesting reading.

[fred]

:Personally I use FF to a greater degree than IE but when it comes to finances the wife uses IE don't know why but she does and as far as the whackers hackers crackers thief's what ever they want to call themselves I see it all as illeagle they should keep there fingers out of somebodies else's code jar and let the internet rock on with out interuption or malice

[monsnet2k8]

:Personally I use FF to a greater degree than IE but when it comes to finances the wife uses IE don't know why

I know why!! haven't you heard the women are always right' They are wiser when it comes to protecting what its theirs and always know what is safe for their interests' always trust a woman's instinct' in this case she knows IE is better.

[xs1]

I know why!! haven't you heard the women are always right' They are wiser when it comes to protecting what its theirs and always know what is safe for their interests' always trust a woman's instinct' in this case she knows IE is better.

[pitbull481]

I know why!! haven't you heard the women are always right' They are wiser when it comes to protecting what its theirs and always know what is safe for their interests' always trust a woman's instinct' in this case she knows IE is better.

things you say about i.e makes me laugh. just dumb

I.E. SUCKS

[monsnet2k8]

things you say about i.e makes me laugh. just dumb

I.E. SUCKS

I know it sounds dumb but i learned one important thing when it come to the INTERNET'

I leaned not to take things too serious, especially if its supposed to be a joke' :haha:

BTW what you FF users say about IE makes me laught too' I like IE as much as you like FF no harm with that is there?

[Indestructable]

man, is that the truth...