Strong opinions, weakly held

What can we learn from the Apache security breach?

This weekend the Apache Software Foundation suffered a security breach. The post-mortem from the Apache Infrastructure Team is worth reading, because the attack was sophisticated and they explain exactly how it worked.

Nelson Minar blames problems with passwords for the Apache security breach this weekend. Paul Querna blames Internet security as a whole. I’m still waiting for someone to blame URL shorteners, as they played a role in the attack as well.


  1. I will happily blame URL shorteners. They are dangerous in so many ways. TinyURL provides a way to “preview” the URL you’re about to be redirected to by tweaking the URL. All of these services should default to such a mode and make it a global preference.

  2. I don’t care for URL shorteners, either, but anyone this sophisticated could have disguised a malicious link behind a 302 redirect on their own were TinyURL never created.


© 2023 rc3.org
