SpreadFirefox.com will be offline for about 10 days, after its second attack in three months.
For the second time in three months, the Mozilla Foundation-sponsored marketing site for the popular Firefox browser was hacked by unknown intruders. This time, a notice on the now-down site says that SpreadFirefox.com won't be up and running again until Oct. 15.
In a message to users, the Spread Firefox team said that hackers broke into its servers using a vulnerability in TWiki -- open-source software for creating a structured Wiki -- which was installed, but not in use, on those servers.
The team didn't believe any sensitive data was hijacked, but to be on the safe side, the site has been taken offline, and is being completely rebuilt. The group also recommended that SpreadFirefox.com registered users change their password once the site is back up.
Spread Firefox was last hacked in July; in that instance, the site was also taken offline, although only for approximately three days.
"After Spread Firefox was compromised in July, we instituted procedures to ensure that we apply all security fixes to the software running the site as soon as they become available," said the Spread Firefox team in its message. "Unfortunately, those procedures overlooked the installation of the TWiki software since it is not used by the main Spread Firefox site. When the system is rebuilt, all the software will be audited to ensure that security updates will be applied in a timely manner. We deeply regret this incident and any inconvenience this may have caused you."
The Spread Firefox team also said that the hack didn't affect the primary Mozilla Web site, or any of the Mozilla software. It was, however, yet one more embarrassment to the open-source organization, which has long touted its Firefox browser as a more secure alternative to Microsoft's Internet Explorer.
As in the July incident, a few anti-Microsoft conspiracy enthusiasts quickly blamed Firefox's rival. One poster, identified only as "tfg," wrote on the mozillaZine blog that "I blame the MS employees seeing the 96% domination of IE dropping to FF! You've just got to hope they're using IE and haven't disabled activex controls, vengeance shall be thine!"
But cooler heads responded. A follow-up comment, posted by "Kelson," noted that "Some people don't care who they attack. Some only care how high-profile the target is. I wouldn't be surprised if these people were Firefox users themselves."