rc3.org Strong opinions weakly held

What can we learn from the Apache security breach?

In Commentary on 14 April 2010 tagged with 2 comments

This weekend the Apache Software Foundation suffered a security breach. The post-mortem from the Apache Infrastructure Team is worth reading, because the attack was vsophisticated and they explain exactly how it worked.

Nelson Minar blames problems with passwords for the Apache security breach this weekend. Paul Querna blames Internet security as a whole. I’m still waiting for someone to blame URL shorteners, as they played a role in the attack as well.


2 Comments

I will happily blame URL shorteners. They are dangerous in so many ways. TinyURL provides a way to “preview” the URL you’re about to be redirected to by tweaking the URL. All of these services should default to such a mode and make it a global preference.

Posted by daveadams on 14 April 2010 @ 7pm

I don’t care for URL shorteners, either, but anyone this sophisticated could have disguised a malicious link behind a 302 redirect on their own were TinyURL never created.

Posted by Richard Crowley on 15 April 2010 @ 12am

Leave a Comment


About

This is the weblog of Rafe Colburn. I'm a software developer and computer book author, but this blog is really about whatever catches my interest on a day to day basis. I've been blogging since December, 1998.

Recently

Visit the full archive

Et Cetera

You can follow @rc3dotorg on Twitter here. My personal Twitter account is @rafeco. If you know what an RSS feed is, you can subscribe to the rc3.org feed here.


Back to Home

© rc3.org. Powered by WordPress using the DePo Skinny Theme.