[ISN] Atlassian plugs security hole

From: InfoSec News <alerts_at_private>
Date: Wed, 14 Apr 2010 00:25:16 -0500 (CDT)
http://www.itwire.com/it-industry-news/strategy/38248-atlassian-plugs-security-hole

By Renai LeMay
iTWire
13 April 2010 

Australian collaborative software developer Atlassian today warned 
customers today that it had in the past several days plugged a security 
hole that could have compromised customer passwords.

Australian collaborative software developer Atlassian today warned 
customers that it had in the past several days plugged a security hole 
that could have compromised customer passwords.

"Around 9PM US PST Sunday evening, Atlassian detected a security breach 
on one of our internal systems. The breach potentially exposed passwords 
for customers who purchased Atlassian products before July 2008," said 
the company's chief executive, Mike Cannon-Brookes (pictured), writing 
on the company’s corporate blog.

"During July 2008, we migrated our customer database into Atlassian 
Crowd, our identity management product, and all customer passwords were 
encrypted. However, the old database table was not taken offline or 
deleted, and it is this database table that we believe could have been 
exposed during the breach."

[...]


___________________________________________________________
Register now for HITBSecConf2010 - Dubai, the premier 
deep-knowledge network security event in the GCC, 
featuring keynote speakers John Viega and Matt Watchinski! 
http://conference.hitb.org/hitbsecconf2010dxb/
Received on Tue Apr 13 2010 - 22:25:16 PDT

This archive was generated by hypermail 2.2.0 : Tue Apr 13 2010 - 22:27:58 PDT