GeekPolice
Would you like to react to this message? Create an account in a few clicks or log in to continue.

GeekPoliceLog in

 


descriptionMozilla site exposed encrypted passwords EmptyMozilla site exposed encrypted passwords

more_horiz
A database of inactive Mozilla usernames and passwords was exposed on the Internet earlier this month, the Mozilla Foundation disclosed on Tuesday.

The database, which contained 44,000 inactive user accounts for the addons.mozilla.org site, was inadvertently placed on a public-facing Web server, wrote Chris Lyon, the Mozilla director of infrastructure security, in a blog posting.

Lyon stressed that the exposure "posed minimal risk to users." The organization erased all the passwords, which were encrypted. It also accounted for every download of the database.

Current users of addons.mozilla.org are not affected, because the organization upgraded its procedure for encrypting passwords in April 2009, Lyon stated.

More: http://www.computerworld.com/s/article/9202658/

descriptionMozilla site exposed encrypted passwords EmptyRe: Mozilla site exposed encrypted passwords

more_horiz
Just out of curiosity, how do these things end up on public pages?

descriptionMozilla site exposed encrypted passwords EmptyRe: Mozilla site exposed encrypted passwords

more_horiz
Very odd thing to happen.

descriptionMozilla site exposed encrypted passwords EmptyRe: Mozilla site exposed encrypted passwords

more_horiz
I would've thought they'd have two different servers. One for public and confidential. Seems like it would have had to been intentional, but who knows.

descriptionMozilla site exposed encrypted passwords EmptyRe: Mozilla site exposed encrypted passwords

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum