News: Apache Foundation Hit by Targeted XSS Attack
Threatpost.com is reporting a hack against one of Apache's own servers that was hosting their issue tracking software. It seems that a tinyurl was crafted to steal a users active session, and once clicked, stolen administrative rights soon followed.There's a few simple lessons to be learned here for anyone doing administration on the server side, not the least of which is to be leery about those tiny urls. Be diligent in your security, as you never know when an attack is about to come.
- Posted by: Cameron McKenzie ( @potemcam )
- Posted on: April 14 2010 07:48 EDT