On TV.com: TOP 10 Shows CANCELED Too Soon
BNET Business Network:
BNET
TechRepublic
ZDNet
78 TalkBacks

By Joris Evers
Posted on ZDNet News: Oct 4, 2005 5:55:00 PM

Spread Firefox, the marketing Web site for the open-source Firefox Web browser, has been hacked again and is expected to be offline until later this month.

The cyber break-in was discovered this week, according to a notice sent Tuesday by the Spread Firefox team to registered users of the Web site. The breach was limited to SpreadFirefox.com and did not affect the main Mozilla.org Web site or Mozilla software, according to the e-mailed message.

Spread Firefox place holder

The server that hosts the Spread Firefox Web site was compromised by attackers who attempted to exploit a security vulnerability in TWiki, according to the notice. TWiki is open-source software for the collaborative authoring of online pages called "wikis".

This is the second time the site has been hacked via a flaw in software used to run the Web site. In July, the marketing site was compromised by attackers who exploited an unpatched security hole in PHP. The Drupal content management system used by the site is written in the PHP scripting language.

After the July attack, Mozilla instituted procedures to ensure that it would not overlook any more security fixes. "Unfortunately, those procedures overlooked the installation of the TWiki software, since it is not used by the main Spread Firefox site," the Spread Firefox team said in its notice.

The Firefox marketing Web site has been taken offline and will be rebuilt from scratch, according to the e-mail. "When the system is rebuilt, all the software will be audited to ensure that security updates will be applied in a timely manner," the team wrote.

The latest attack likely did not expose any user information, according to the e-mail. Still, people should change their password when the site comes back online, the team suggested. Spread Firefox's Web site should be back online circa Oct. 15, according to a notice on the site.

The hack is an additional embarrassment to Mozilla, which has emphasized security as a main selling point for its Firefox Web browser.

Spread Firefox is the online Firefox marketing hub. Mozilla has successfully used the site to mobilize volunteers to popularize the browser through free marketing techniques such as Web site buttons and by collecting money for an ad in The New York Times.

SponsoredWhite Papers, Webcasts, and Downloads

  • Talkback
  • Most Recent of 78 Talkback(s)
American Cheese, from the cream of the crop
If an electrical appliance crashed, failed, and burned in the same way as 'Bill's Swiss Cheese', wouldn't we complain to the Trading Standards Agency or ask for a refund? If your Cheese was mouldy, w... (Read the rest)
Posted by: DontFeedTrolls Posted on: 12/09/05 You are currently: a Guest | | Terms of Use
hehehehe  IT Scion | 10/04/05
Typical open source zealot response...  ye | 10/04/05
Oh one of little comprehension.  IT Scion | 10/04/05
As expected an ad hominem response...  ye | 10/04/05
Yes the facts do speak for themselves.  IT Scion | 10/04/05
The ad hominems continue...  ye | 10/04/05
... and still you reply to them!  Jiim_z | 10/04/05
I assume...  ye | 10/04/05
Correction!  Reverend MacFellow | 10/05/05
hehe..yea they have a big stick.  Been_Done_Before | 10/05/05
Billy knows how to hack?  toomuchgreeatea@... | 10/04/05
No no  IT Scion | 10/04/05
American Cheese, from the cream of the crop  DontFeedTrolls | 12/09/05
No mention of OpenSuse being taken down?? (NT)  Loverock Davidson | 10/04/05
i'd think you wouldn't want it mentioned  Monkey_MCSE | 10/04/05
According to who?  Loverock Davidson | 10/04/05
Netcraft report on website  mrlinux | 10/04/05
Exactly  Loverock Davidson | 10/04/05
Re: According to who?  yyuko@... | 10/04/05
Whom? Who?  Loverock Davidson | 10/04/05
Dang,dang  I'm Ye, the MS SHILL . | 10/04/05
Hate to do it pal but...  Linux User 147560 | 10/04/05
unfortunately i know  Monkey_MCSE | 10/04/05
No facts?  Loverock Davidson | 10/04/05
oh i know the article, and i read it  Monkey_MCSE | 10/04/05
I have  Loverock Davidson | 10/04/05
Gottcha!  Linux User 147560 | 10/04/05
Firefox promo site taken down by hackers  Loverock Davidson | 10/04/05
brainless as usual  stormdoor | 10/04/05
What was brainless about it?  ye | 10/04/05
Forgive stormdoor  Loverock Davidson | 10/04/05
Slap, sure  node357 | 10/04/05
So tough  Loverock Davidson | 10/04/05
it was a flaw in apache...  doh123 | 10/04/05
clarify  doh123 | 10/04/05
... Twiki actually.  Jiim_z | 10/04/05
Answer  Linux User 147560 | 10/04/05
Whoops forgot to add  Linux User 147560 | 10/04/05
Relevant?  rapson | 10/04/05
It seems to be relevant to Loverock  Linux User 147560 | 10/04/05
Ah  rapson | 10/04/05
Answer  Loverock Davidson | 10/04/05
you are the weakest link  stormdoor | 10/04/05
Incorrect answer -10 points  Linux User 147560 | 10/04/05
That really is the problem afterall.  osreinstall | 10/04/05
For abot 90-95% of all active non-automated hacks  Linux User 147560 | 10/04/05
Damn! A Canadian slip!  Linux User 147560 | 10/04/05
Which is it?  ShadeTree | 10/05/05
Well Actually..  Trevor_G | 10/06/05
Which one got defaced?  osreinstall | 10/04/05
i don't understand...  glocks out | 10/04/05
actually you do understand  zijiang | 10/04/05
There is a perceptual connection  eb276 | 10/04/05
Because both are open source  ye | 10/04/05
which is a foolish stance for open source zealots to take  Feldon | 10/04/05
Agreed except for...  ye | 10/04/05
Connection is simple  IT Scion | 10/04/05
except it was firefox  voska | 10/04/05
Do you  IT Scion | 10/04/05
Chant The No_Ax Mantra  holyschmoe | 10/04/05
Dear Confused, There was no browser involved.  No_Ax_to_Grind | 10/04/05
Simple question for all  Monkey_MCSE | 10/04/05
What does it matter?  rapson | 10/04/05
carl, you must have missed  Monkey_MCSE | 10/04/05
True  rapson | 10/05/05
he sometimes does  doh123 | 10/04/05
Hey  Linux User 147560 | 10/04/05
I'm with you on that 100% of the way  I'm Ye, the MS SHILL . | 10/04/05
LOOK EVERYONE THIS ENTIRE POST IS ABOUT ME!!!`  Loverock Davidson | 10/04/05
actually it's to show you  Monkey_MCSE | 10/04/05
Don't know about Loverock but you described Ye perfectly (nt)  IT Scion | 10/04/05
Well  Trevor_G | 10/06/05
Facts = Loverock ?  interested_amateur@... | 10/04/05
This must be the same joe schmoe loverock ^  I'm Ye, the MS SHILL . | 10/04/05
No clueless one  Loverock Davidson | 10/04/05
I GET MENTIONED AGAIN, NANNER NANNER! (NT)  Loverock Davidson | 10/04/05
This is not right, and now, you'll call for the head of the hackers  Boot_Agnostic | 10/05/05
Just for the record...  Scrat | 10/05/05

What do you think?

advertisement
advertisement

White Papers, Webcasts, and Downloads

SmartPlanet

Click Here