Firefox Community Site Hacked Again

By Nate Mook | Published October 4, 2005, 11:27 AM

For a second time, the Web site used to promote the adoption of Mozilla's Firefox Web browser has been compromised by hackers. The remote attackers potentially accessed SpreadFirefox.com by exploiting a security flaw in the TWiki software installed on the server.

The problem was limited to SpreadFirefox.com and did not affect mozilla.org or any Mozilla software. TWiki was disabled as soon as the intrusion was discovered.

"We have scanned Spread Firefox servers and at this time do not believe any sensitive data was taken, but as a precautionary measure we have shut down the site and will be rebuilding the web site from scratch," read a notice e-mailed to registered members.

Information provided by Spread Firefox users and stored on the server includes a real name, a URL, an email address, IM names, a street address, a birthday, and private messages to other users.

The site will remain offline until around October 15. In the meantime, Spread Firefox administrators recommend that users assume their password could have been accessed and change the password of any account using the same login details.

In mid-July, the Spread Firefox site suffered a similar break-in; at the time, its team said it was taking the necessary steps to make sure such an incident did not happen again.

"Unfortunately, those procedures overlooked the installation of the TWiki software since it is not used by the main Spread Firefox site," the Mozilla Foundation explained. "When the system is rebuilt, all the software will be audited to ensure that security updates will be applied in a timely manner. We deeply regret this incident and any inconvenience this may have caused you."

Comments


Okay, first time shame on them (first attacker), second time shame on you (SFX team)...

I support Firefox and I am even a member of SFX but seriously, this has to stop as it does hurt the credibility of Firefox and Mozilla.

How?

Logic for most people sadly will go like this...

HQ for Firefox promotion hacked not once but twice must mean the people behind SFX are behind Fx must mean Fx is easily hacked... solution? I shouldn't use anything related to Fx or Mozilla... problem solved.

Score: 0

|

FYI: this has nothing to do with Firefox the browser or its security.

Score: 0

|

Big Deal........ They need a honey pot...as a decoy. Guess this means they're in the big boys club.

Score: 0

|

Big Deal. Someone ran a script against an unpatched server. Woo-Hoo. Wow, this is pretty exciting.

Score: 0

|

Let us bury the myth of any "security" linked to Firefox (or its evangelism sites) once and for all.

Score: 0

|

Guess you can say that of ANY software, because no software is truly secure.

Score: 0

|

Why? Because a software package completely unrelated to Firefox had a flaw?

What sort of scientific evidence is that?

Score: 0

|

Of course, except for "Firefox", the fan-boys would suggest.

Score: 0

|

That's already been disproven so I don't have to argue that one :)

Score: 0

|

Did you even read? This was the result of a third party program on the server. Nothing at all to do with Firefox. Let's just bury you since you obviously don't know what you are saying. Besides, the myth of security has been buried for a while now anyway. I never got the whole hype over it being so secure anyway. Any idiot should have known it wouldn't be totally secure. After all, it is man made just like IE. Telling someone a browser is totally secure is like trying to tell them that swiss cheese doesn't have holes.

Score: 0

|

Just goes to show that as soon as you attract a crowd, someone will crack it. Until it reaches its critical mass, crackers don't waste their time.

Look at it as a strange validation. Firefox is worth having crackers spend time on it. ;)

Score: 0

|

Umm, THIS WASN'T A FIREFOX BROWSER HACK, PLEASE READ THE ARTICLE. THEIR WEBSITE (spreadfirefox.com) was hacked.

Score: 0

|

You didn't even read the first sentence. LOL

Score: 0

|

I think he is referring to the fact that hackers are taking notice of Firefox, and are beginning to attack its websites and software, given that Firefox has become popular.

If someone somehow was able to hack into support.microsoft.com, for example, ppl here would be standing outside with torches and pitchforks ready to lash at MS.

Score: 0

|

Doubtful, most of the people that consider themselves hackers (justifiably or otherwise) use Firefox.

I'd venture a guess that it was an MSFT apologist script kiddie that executed a 1337 sploit because he thinks he is cool.

Just my opinion of course.

Score: 0

|

Whether hackers use the software or not does not make it immune to an attack. Sometimes an attack could be done by a group, or an individual, who does not agree with the product or has something to prove. Other times it is a direct attack on the users of the product.

In Firefox's case:

1. It has been hyped as the most secure browser ever. This gives hackers (and wanna-be-hackers) an incentive to find the first (or most dangerous) exploit.

2. Firefox has a large user base; by finding an exploit they can directly attack the users of that product.

3. Some people disagree with the over-commercialisation of Firefox.

I'm sure there are many other reasons out there as to why people dislike Firefox or want to attack the software.

At the end of the day, the software itself was not attacked in this situation. If the attackers wanted to prove that Firefox was unsafe they have failed. By attacking the servers that host (or distribute) the software, they are saying "Your software is too hard to attack, so we will do the next best thing... attack your site".

In my opinion, this isn't a direct attack at Firefox. This is an attack on a high profile site, in hopes of getting recognition or boosting the attacker's ego.

Score: 0

|

I can't disagree with that. :-)

Score: 0

|

S-E-C-U-R-I-T-Y ?

Score: 0

|

These guys need to get their acts together, this is ridiculous.

Score: 0

|

I'd love to see the stats on how often they are attacked and not disrupted though. I'm sure it's probably quite high.

Score: 0

|

It's not that hard to lock down a website.

Score: 0

|

Maybe if they used Microsoft software they wouldn't have gotten hacked again.

Score: 0

|

Hah!

Score: 0

|

Oh you mean ActiveX? Give me a break.....

This is a copy of an e-mail I received from SpreadFirefox.

"The Spread Firefox Team became aware this week that the server hosting
Spread Firefox, our community marketing site, has been accessed by
unknown remote attackers who attempted to exploit a security
vulnerability in TWiki software installed on the server. The TWiki
software was disabled as soon as we were aware of the attempts to access
SpreadFirefox.com. This exploit was limited to SpreadFirefox.com and
did not affect mozilla.org web sites or Mozilla software.

We have scanned Spread Firefox servers and at this time do not believe
any sensitive data was taken, but as a precautionary measure we have
shut down the site and will be rebuilding the web site from scratch. We
also recommend that you change your Spread Firefox password and the
password of any accounts where you use the same password as your Spread
Firefox account. We will notify you again when the site is back up with
instructions on how to change your password. (Note: We do use MD5
hashing on the passwords, but MD5 cannot protect all passwords against
off-line dictionary style attacks.)

After Spread Firefox was compromised in July, we instituted procedures
to ensure that we apply all security fixes to the software running the
site (Drupal and PHP) as soon as they become available. Unfortunately,
those procedures overlooked the installation of the TWiki software since
it is not used by the main Spread Firefox site. When the system is
rebuilt, all the software will be audited to ensure that security
updates will be applied in a timely manner. We deeply regret this
incident and any inconvenience this may have caused you.

Sincerely,

Spread Firefox Team
Mozilla Foundation"

Score: 0

|
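The e-mail quoted in the comment above notes that the passwords were stored as MD5 hashes and that MD5 cannot stop offline dictionary attacks. The following is an added example, not code from Spread Firefox, Mozilla or any commenter: it shows why unsalted MD5 storage is weak (equal passwords give equal digests) and one way a rebuilt site could re-protect existing digests with a salted, slow key-derivation function without knowing the passwords. The account names, passwords, record layout and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor; tune for your hardware

# Constructed sample accounts (not real Spread Firefox data).
SAMPLE_USERS = {"alice": "firefox2005", "bob": "firefox2005", "carol": "correct horse"}


def legacy_md5(password: str) -> str:
    """Unsalted MD5 hex digest, the kind of storage the notice describes."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def duplicate_groups(table: dict) -> list:
    """Users whose stored digests are identical, i.e. who share a password."""
    by_digest = {}
    for user, digest in table.items():
        by_digest.setdefault(digest, []).append(user)
    return sorted(sorted(g) for g in by_digest.values() if len(g) > 1)


def wrap_legacy(md5_hex: str, iterations: int = ITERATIONS) -> dict:
    """Re-protect a stored MD5 digest at rebuild time, without the password."""
    salt = os.urandom(16)  # per-user salt defeats precomputed tables
    dk = hashlib.pbkdf2_hmac("sha256", md5_hex.encode("ascii"), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": dk.hex()}


def verify(password: str, record: dict) -> bool:
    """Check a login attempt against a wrapped record in constant time."""
    dk = hashlib.pbkdf2_hmac("sha256", legacy_md5(password).encode("ascii"),
                             bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(dk.hex(), record["hash"])


if __name__ == "__main__":
    table = {user: legacy_md5(pw) for user, pw in SAMPLE_USERS.items()}
    print("same digest under MD5:", duplicate_groups(table))
    wrapped = {user: wrap_legacy(digest) for user, digest in table.items()}
    print("same digest after wrapping:",
          duplicate_groups({u: r["hash"] for u, r in wrapped.items()}))
    print("alice can still log in:", verify("firefox2005", wrapped["alice"]))
```

After wrapping, the original MD5 column should be deleted so that only the salted records remain on disk.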

ActiveX and MS software have nothing to do with this hack; this was a third-party piece of software which was hacked, not a web server or a browser.

Score: 0

|

I guess you don't recognize sarcasm when you see it.........

Score: 0

|

He wasn't referring directly to ActiveX. He was referring to a product of Microsoft's that is notorious for being unsafe.

Score: 0

|

Sounds like they are making a good effort towards securing their website, and just overlooked one piece of software. While unfortunate that it was overlooked, it's not uncommon.

Score: 0

|
