Mozilla Data Breach
A partial database of Mozilla's addons.mozilla.org user accounts were inadvertently left on a publicly accessible server.
A researcher made Mozilla was made aware of this issue via their web bounty program on December 17th and since that time Mozilla has removed the information and yesterday, on December 27th, 2010, contacted those users who were effected.
"We were able to account for every download of the database", Mozilla said in their post. "This issue posed minimal risk to users, however as a precaution we felt we should disclose this issue to people affected and err on the side of disclosure."
Mozilla also noted that current addons.mozilla.org users and accounts are not at risk and this incident didn't impact any of Mozilla’s infrastructure.
More information can be found on the Mozilla Security Blog.
Issue 172/2015
Buy this issue as a PDF
News
-
Old Vulnerabilities Are Kept Alive Through Bad Configuration
HP's annual Cyber Risk report offers a bleak look at the state of IT.
-
Linus Torvalds Announces Linux 4.0
But what do the big numbers really mean?
-
Microsoft Frees CoreCLR
.NET Core execution engine is the basis for cross-platform .NET implementations.
-
New Trojan Attacks Linux Servers
The Xnote trojan hides itself on the target system and will launch a variety of attacks on command.
-
Cisco Releases Annual Security Report
Spammers go low-volume, and 90% of IE browsers are unpatched.
-
Zero Day Exploits Target Flash
Adobe scrambles to release patches for vulnerable Flash Player.
-
Intel Unveils Compute Stick
Four-inch-long computer on a stick lets you boot a full Linux system from any HDMI display device.
-
Obama Proposes Personal Data Notification Law
New statute would require companies to report break-ins to consumers.
-
TGXf Project Warns of File Transfer through Screen Pixels
Weird data transfer technique avoids all standard security measures.
-
Industry Giants Announce a Fix for the Password Mess
FIDO alliance declares the beginning of the end for old-style login authentication.