Milos Zikic - Personal site, sharing thoughts about startups, products and engineering

Why security is important and should we rethink one-time passwords

Today I got mail from Apache saying that their JIRA was attacked and its security mechanism breached using a cross-site scripting (XSS) attack, which resulted in the attackers gaining all user data from the server hosting Apache JIRA. Hopefully Apache has a good one-time password policy, so this was not propagated to the rest of their servers.


Original link:
https://blogs.apache.org/infra/entry/apache_org_04_09_2010


The Apache guys informed Atlassian of this security flaw, but they didn't manage to react in time, which resulted in a breach of their own system: http://blogs.atlassian.com/news/2010/04/oh_man_what_a_day_an_update_on_our_security_breach.html


Bad news, but this should be a good lesson for all of us to think about security as much as possible and always question ourselves.


And one last thing: consider having different passwords for all of your social services, and especially for sensitive accounts!


Oh yeah, and great work by the Apache team on detecting and handling this.
