What can we learn from the Apache security breach?

This weekend the Apache Software Foundation suffered a security breach. The post-mortem from the Apache Infrastructure Team is worth reading, because the attack was sophisticated and they explain exactly how it worked.

Nelson Minar blames problems with passwords for the Apache security breach this weekend. Paul Querna blames Internet security as a whole. I’m still waiting for someone to blame URL shorteners, as they played a role in the attack as well.

2 thoughts on “What can we learn from the Apache security breach?”

  1. I will happily blame URL shorteners. They are dangerous in so many ways. TinyURL provides a way to “preview” the URL you’re about to be redirected to by tweaking the URL. All of these services should default to such a mode and make it a global preference.

  2. I don’t care for URL shorteners, either, but anyone this sophisticated could have disguised a malicious link behind a 302 redirect on their own were TinyURL never created.
