[Toolserver-l] JIRA attacks

Matthew P. Del Buono mpdelbuono at gmail.com
Tue Apr 13 21:12:35 UTC 2010


Hey Toolserver admins,

I wanted to raise an issue about an ongoing set of attacks against JIRA
installations. Yesterday, I received an email from Atlassian indicating
that their JIRA installation had been compromised and to reset
passwords. Today, the Apache foundation sent me an email regarding the
same attack against their own team.

The attack is an XSS attack against JIRA that is now patched (and was
patched today, April 13). A good set of details about it is at
https://blogs.apache.org/infra/entry/apache_org_04_09_2010

I'm not saying Toolserver's JIRA has been or will be attacked, but the
script kiddies behind this seem to be going after high-profile locations
so I think it would be prudent to update JIRA when you can just to be
safe. I thought I'd let you all know.

Regards,
-- Shirik


