SpreadFirefox.com Shut Down After Security Breach

For the second time this year, hackers break into the Mozilla Foundation's SpreadFirefox grassroots marketing Web site.

The Mozilla Foundation has temporarily pulled the plug on its SpreadFirefox.com marketing site after a hacker break-in put user accounts at risk.

The non-profit Foundation, which has used the site to launch grassroots campaigns to support the Firefox Web browser, said the site will remain offline until October 15 while the site is rebuilt from scratch.

"We have scanned SpreadFirefox servers and at this time do not believe any sensitive data was taken, but as a precautionary measure we have shutdown the site and will be rebuilding the Web site from scratch," the open-source group said in an e-mail sent to members.

"We also recommend that you change your SpreadFirefox password and the password of any accounts where you use the same password as your SpreadFirefox account," Mozilla added.

/zimages/4/28571.gifTo read more about security problems with Firefox, click here.

The site used MD5 (Message-Digest algorithm 5) hashing to encrypt user passwords on the site but, in its notice, Mozilla noted that "MD5 cannot protect all passwords against offline dictionary style attacks."

The break-in was blamed on unknown remote attackers who attempted to exploit a security vulnerability in TWiki, a Web collaboration software installed on the Foundations server.

/zimages/4/28571.gifRead more here about Firefox 1.5, Beta 1.

In the e-mail alert, Mozilla said the TWiki software was disabled as soon as the attempts to access SpreadFirefox.com were discovered.

"This exploit was limited to SpreadFirefox.com and did not affect mozilla.org Web sites or Mozilla software," the group added.

Its the second time this year that hackers have broken into the SpreadFirefox.com site.

In July, a similar breach triggered a warning that user accounts were potentially compromised and forced the Foundation to implement new security patch-management procedures.

On Tuesday, Mozilla acknowledged a weakness in the implementation of the new procedures.

"After SpreadFirefox was compromised in July, we instituted procedures to ensure that we apply all security fixes to the software running the site (Drupal and PHP) as soon as they become available.

"Unfortunately, those procedures overlooked the installation of the TWiki software since it is not used by the main Spread Firefox site," the group said.

"When the system is rebuilt, all the software will be audited to ensure that security updates will be applied in a timely manner," Mozilla added.

/zimages/4/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.