Jira at apache.org was hacked

Tuesday, 13 April 2010 at 14:21 UTC

The Apache Infrastructure Team released its Incident Report 04/09/2010 today, 13 April 2010, describing the hack of jira.apache.org.

Thank you guys for this helpful disclosure.

There is no clear information available today about the root cause of the Atlassian security breach (published yesterday).

Today we got detailed information from the Apache Infrastructure Team about the break-in at jira.apache.org:

1. We notified Atlassian of the previously unreported XSS attack in JIRA and contacted SliceHost. Atlassian was responsive. Unfortunately, SliceHost did nothing and 2 days later, the very same virtual host (slice) attacked Atlassian directly.
2. The attackers had root access on brutus.apache.org for several hours, and we could no longer trust the operating system on the original machine.
3. Service isolation worked with mixed results. The attackers must be presumed to have copies of our Confluence and Bugzilla databases, as well as our JIRA database, at this point.

UNBELIEVABLE!

What to do now:

  1. Check out all background information about this vulnerability in JIRA.
  2. Check and upgrade all non-internal (internet-facing) JIRA and other Atlassian systems world-wide to prevent these attacks.

And we all should never forget:
Install 3rd-party applications as root, but run them as a user with limited privileges, so that a compromise of the application does not hand the attacker the whole machine.
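As an added example (not code from the Apache report or from Atlassian), here is one way to put that rule into practice on a Linux host and to audit for violations of it. The service account name, the install and data directories and the start script path are assumptions for illustration; the `ps` listing at the bottom is constructed, not a real capture.

```shell
#!/bin/sh
# Added example: separate the privilege used to *install* a third-party web
# application from the privilege used to *run* it, plus a small audit that
# flags such services running as root. All names/paths below are assumed.

JIRA_USER="jira"                 # assumed unprivileged service account
JIRA_HOME="/opt/atlassian/jira"  # assumed install dir: owned by root, read-only for the service
JIRA_DATA="/var/lib/jira"        # assumed data/log dir: the only place the service may write

# Install step. Must run as root, but it creates a dedicated account so the
# service itself never needs root at run time. Not invoked automatically.
install_jira_layout() {
    [ "$(id -u)" -eq 0 ] || { echo "install_jira_layout: run as root" >&2; return 1; }
    id "$JIRA_USER" >/dev/null 2>&1 || useradd -r -s /sbin/nologin -d "$JIRA_DATA" "$JIRA_USER"
    mkdir -p "$JIRA_HOME" "$JIRA_DATA"
    chown -R root:root "$JIRA_HOME"       # code owned by root: the app cannot rewrite itself
    chmod -R a-w,go+rX "$JIRA_HOME"       # world-readable, nobody but root may write
    chown -R "$JIRA_USER:$JIRA_USER" "$JIRA_DATA"
    chmod 750 "$JIRA_DATA"                # only the service (and root) can read its data
}

# Run step. Root starts the service, but drops to the limited user first.
# Not invoked automatically; start script path is an assumption.
start_jira_unprivileged() {
    [ "$(id -u)" -eq 0 ] || { echo "start_jira_unprivileged: run as root" >&2; return 1; }
    su -s /bin/sh "$JIRA_USER" -c "$JIRA_HOME/bin/start-jira.sh"
}

# Audit. Reads `ps -eo user,pid,comm,args` output on stdin and prints every
# java or JIRA process whose user is root. Returns 1 if any was found, 0 otherwise.
audit_root_services() {
    hits=$(awk 'NR > 1 && $1 == "root" && ($3 == "java" || $0 ~ /jira/) { print $2, $4 }')
    if [ -n "$hits" ]; then
        echo "services running as root:"
        echo "$hits"
        return 1
    fi
    return 0
}

# Constructed sample listings (not real captures), in `ps -eo user,pid,comm,args` shape.
SAMPLE_BAD='USER PID COMM ARGS
root 1 init /sbin/init
root 2100 java /usr/bin/java -Xmx1g -jar /opt/atlassian/jira/lib/jira.jar
confluence 2101 java /usr/bin/java -jar /opt/atlassian/confluence/confluence.jar'

SAMPLE_GOOD='USER PID COMM ARGS
root 1 init /sbin/init
jira 2100 java /usr/bin/java -Xmx1g -jar /opt/atlassian/jira/lib/jira.jar
confluence 2101 java /usr/bin/java -jar /opt/atlassian/confluence/confluence.jar'

# Demo: the first listing is flagged, the second passes.
echo "$SAMPLE_BAD" | audit_root_services || echo "(audit flagged the bad listing, as expected)"
echo "$SAMPLE_GOOD" | audit_root_services && echo "good listing: no services running as root"
```

On a live host the audit is run as `ps -eo user,pid,comm,args | audit_root_services`; the install and start functions are only called by an administrator with root, and the service account has no shell so it cannot be logged into even if its password is captured.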

[1] Apache Infrastructure Team Incident Report (13 Apr 2010) related to jira.apache.org
[2] Max on Improving Web Security: Six Ways the Apache.org JIRA Attack Could Have Been Prevented by Better Cod (13 Apr 2010)
