Tuesday, October 04, 2005

Spread Firefox Security Notice

Receive this email from the admin. User registered with spreadfirefox.com are advised to change thier password of any accounts if it's being used on other accounts. This exploit is believed to be coming from TWiki software. As for the time being, the site is down until further notice. An excerpt of the email content i received...

The Spread Firefox Team became aware this week that the server hosting Spread Firefox, our community marketing site, has been accessed by unknown remote attackers who attempted to exploit a security vulnerability in TWiki software installed on the server. The TWiki software was disabled as soon as we were aware of the attempts to
access SpreadFirefox.com. This exploit was limited to SpreadFirefox.com and did not affect mozilla.org web sites or Mozilla software.

We have scanned Spread Firefox servers and at this time do not believe any sensitive data was taken, but as a precautionary measure we have shutdown the site and will be rebuilding the web site from scratch. We also recommend that you change your Spread Firefox password and the password of any accounts where you use the same password as your Spread Firefox account. We will notify you again when the site is back up
with instructions on how to change your password. (Note: We do use MD5 hashing on the passwords, but MD5 cannot protect all passwords against off-line dictionary style attacks.)

Your Ad Here