12. September 2009 · Comments Off on Apache.org site hacked – details published · Categories: Breaches, Risk Management, Security Management · Tags: ,

The Apache.org team published the details of a recent incident where one of their web sites was breached. While the details are, of course, very technical, it provides a great learning experience for the rest of us. Dan Goodin of the Register summarized the incident.

Unfortunately, most organizations are very reluctant to even admit when they are hacked, let alone share the details of the experience. Hence the various federal and state laws forcing organizations to report incidents where people's personal and/or financial information may have been disclosed.

Given the fact that Apache produces open source software (the number one web server software), it is appropriate that they would be so open about a breach.