Bugzilla, the much-coveted bug tracking system of the Mozilla
Foundation, was hacked, and the group of hackers was able to steal some
information about zero-day bugs that were unpatched, as revealed by the
Mozilla Foundation.
According to the revelations, it is assumed that the hackers had
advance knowledge of unpatched zero-day bugs in the Firefox web browser
for more than a year. Mozilla identified a breach of a user's account
that had been used to gain privileged access to Bugzilla.
According to sources, the hackers had this information and access
from 2013, and they had ample time to exploit the flawed software for a
good amount of time.
In all, there were 185 secret bugs, and out of the 185, 53 are
considered to be vulnerable. Hackers must have exploited them for more
than a year before Mozilla fixed them.
According to Mozilla's records, 43 of the flaws on the list were
already patched before the hackers intruded, but there still lies a
risk from the 10 bugs that were accessed by the hackers.
In the past, Mozilla fixed and patched one bug on August 6th 2015 and
found that the same bug had been used by hackers 36 days ago. Out of
the bug list, a hacker had already used one bug to their advantage:
they used the bug to cull private data from a Russian news website which
is commonly visited by Firefox users.
The most amazing part of this breach is that the hackers had no idea of
any zero-day flaws existing in the software. Information revealed that
a user reused their Bugzilla password on other websites, and the
password got hacked through a data breach.
Google and Facebook make sure that users use unique passwords, as this
data breach took place because the same password was used on a
compromised site and the password got hacked. Password reuse is a common
problem faced by many security providers.
Richard Barnes, Firefox's security lead, wrote in a blog post this
Friday about Mozilla improving Bugzilla. He commented on security,
stating that they are working on updating Bugzilla and its security
practices. As a response to this hack, they have already put
two-factor authentication in place.
Adding to security, Barnes said they had also set up levels of
privilege for users so that if hackers intruded into their accounts,
they could not get much information from the users' accounts.
The good news about Firefox is that the latest version has fixed all
the problems that might have been used by hackers in the last few hacks.
Mozilla will be more alert and cautious about its security from now
onwards.