Firefox advocacy site hacked again

For the second time in three months, a security breach has shut down the marketing Web site used to promote the Firefox browser. Late Monday, members of the Spread Firefox community were notified that their Spreadfirefox.com site had been hit by attackers looking to exploit a bug in the TWiki collaboration software, which had been running on the server.

The Mozilla Foundation does not believe that any sensitive information was compromised in the attack, but it is encouraging the approximately 100,000 Spread Firefox members to reset their passwords. “With these things it’s hard to determine the exact nature of what happened,” said Mike Schroepfer, director of engineering with the Foundation’s Mozilla Corp. subsidiary. “We don’t believe that people were successful in getting any of that personal or sensitive information, but we’re erring on the side of caution.”

Spread Firefox is best known as the organization that raised more than US$200,000 to run a two-page Firefox ad in The New York Times last year.

In July of 2005, attackers were able to gain access to the Spread Firefox server, apparently for the purpose of sending spam. That attack compromised information such as member e-mail addresses, instant messaging names, street addresses and birthdays.

After the July attack, the Mozilla Foundation changed procedures to be sure that security fixes were applied to the Spread Firefox server software, but administrators overlooked the TWiki application, which was no longer being used, Schroepfer said. “This one particular piece of software was an oversight and happened to not get updated,” he said.

The Mozilla team discovered the attack over the past weekend, but it appears to have been launched several weeks earlier. “The vulnerability on the TWiki software was announced on the 15th of September,” Schroepfer said. “It looked like the first few attempts happened within 12 to 36 hours of those announcements going out.”

Administrators will spend the next few weeks rebuilding Spreadfirefox.com, and the site is expected to be back online around Oct. 15, according to the Mozilla Foundation.

Once widely considered a more secure alternative to Microsoft’s Internet Explorer (IE) browser, Firefox has seen its reputation decline of late. Last month, security vendor Symantec Corp. reported that the Firefox browser had more confirmed security vulnerabilities than IE during the first half of 2005.

Firefox countered that it ended up with a larger number of vulnerabilities — 25 as opposed to Microsoft’s 13 — because Microsoft tends to roll a number of bugs into one vulnerability report.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now