bit-tech.net

Mozilla coughs to developer database leak


A glitch in a database sanitisation process has publicised the email addresses of 76,000 Mozilla developers, and the passwords of a further 4,000.

The Mozilla Foundation has apologised for a security foul-up that has seen the email addresses of around 76,000 of its registered developers and around 4,000 passwords published on a publicly-accessible website.

The Mozilla Developer Network, as its name suggests, is the group to which developers wanting to hack on the Foundation's various projects - the Firefox web browser being the most famous - belong. Their email addresses and passwords are stored by Mozilla, but data relating to them is sanitised from publicly-accessible database outputs - at least, that's the theory.

'The issue came to light ten days ago when one of our web developers discovered that, starting on about June 23, for a period of 30 days, a data sanitisation process of the Mozilla Developer Network (MDN) site database had been failing, resulting in the accidental disclosure of MDN email addresses of about 76,000 users and encrypted passwords of about 4,000 users on a publicly accessible server,' explained Mozilla's director of developer relations Stormy Peters in a blog post admitting to the flaw. 'As soon as we learned of it, the database dump file was removed from the server immediately, and the process that generates the dump was disabled to prevent further disclosure. While we have not been able to detect malicious activity on that server, we cannot be sure there wasn’t any such access.'

The email addresses leaked by the database dumping were visible in plain-text, but Peters has confirmed that all passwords were stored in a salted hash format, which should make them harder for ne'er-do-wells to abuse. 'It is possible that some MDN users could have reused their original MDN passwords on other non-Mozilla websites or authentication systems,' admitted Peters. 'For those that had both email and encrypted passwords disclosed, we recommended that they change any similar passwords they may be using.'

Peters has confirmed that as well as patching the original flaw and removing the data from public view, Mozilla's security team is looking at ways of preventing similar issues from occurring again in the future.

12 Comments

RedFlames 4th August 2014, 13:54
I got that email, having received it it explains why Gmail's spam filter has been going nuts on that account...
bawjaws 4th August 2014, 19:04
Do you guys have an algorithm that translates article titles from plain English into Techwebsitespeak? I swear that I've never seen "cough" used as a synonym for admit or "tease" for preview anywhere other than on Bit and a handful of other tech sites. :D
RedFlames 4th August 2014, 20:28
Quote:
Originally Posted by bawjaws
Do you guys have an algorithm that translates article titles from plain English into Techwebsitespeak? I swear that I've never seen "cough" used as a synonym for admit or "tease" for preview anywhere other than on Bit and a handful of other tech sites. :D

Mr Halfacree probably writes for those sites... he gets around a bit...

I thought using 'cough [up] to' for admit and 'tease', one of the dictionary definitions being 'To entice, to tempt.' for a preview were pretty common...
Gareth Halfacree 5th August 2014, 09:21
Quote:
Originally Posted by RedFlames
Mr Halfacree probably writes for those sites... he gets around a bit...
True, dat.

Seriously, though, "tease?" Bawjaws, you've *never* heard the word "tease?" They're even called teaser trailers! Just you wait til you see me use the word "hiccough," it'll blow your mind...
Corky42 5th August 2014, 09:30
Quote:
Originally Posted by bawjaws
Do you guys have an algorithm that translates article titles from plain English into Techwebsitespeak? I swear that I've never seen "cough" used as a synonym for admit or "tease" for preview anywhere other than on Bit and a handful of other tech sites. :D

Maybe it's an English thing :? I wouldn't say using cough as a synonym for admit is common, but it's certainly used, in most English dictionaries, although I get the feeling it may be slang.
bawjaws 5th August 2014, 14:32
Quote:
Originally Posted by Gareth Halfacree
True, dat.

Seriously, though, "tease?" Bawjaws, you've *never* heard the word "tease?" They're even called teaser trailers! Just you wait til you see me use the word "hiccough," it'll blow your mind...

Of course I have :D But I've not seen it used in the context "Manufacturer X teases new product Y", which is the usage I've seen on this site. Why are those manufacturers making fun of those new products? :D

My point was more that there are a couple of turns of phrase that appear in the article titles here that I've genuinely never heard used outwith a handful of websites, all of which are computer or videogame sites (and none of which, to my knowledge, feature the fine work of Mr Halfacree). I merely wondered whether there was some editorial policy at Bit that was responsible, and whether there was some attempt being made to mimic other sites that use this style.
Nealieboyee 5th August 2014, 14:50
All these words sound very sexual....


It's all so exciting! :)
Gareth Halfacree 5th August 2014, 15:58
Quote:
Originally Posted by bawjaws
Of course I have :D But I've not seen it used in the context "Manufacturer X teases new product Y", which is the usage I've seen on this site. Why are those manufacturers making fun of those new products? :D
You're aware that words often have more than one meaning, yes? In this case, the reason we say a product is "teased" or that a manufacturer (or publisher, or film maker) is releasing a "teaser" is because of definition 1.1 in the Oxford English Dictionary: "Tempt (someone) sexually with no intention of satisfying the desire aroused." Naturally, the use of the word is in the slang; there's no sexual element to a new case or piece of software. It's used in much the same way that one might say a new piece of hardware is "sexy" when there is no actual sexual arousal, and most commonly - as in the "teaser trailer" I linked above - when, like the sexual frustration of the OED's definition, the information released is enough to pique one's interest but not enough to fully satisfy the reader's curiosity. It is, in short, a metaphor, translating intellectual disappointment into the sexual realm.
Quote:
Originally Posted by bawjaws
My point was more that there are a couple of turns of phrase that appear in the article titles here that I've genuinely never heard used outwith a handful of websites, all of which are computer or videogame sites (and none of which, to my knowledge, feature the fine work of Mr Halfacree). I merely wondered whether there was some editorial policy at Bit that was responsible, and whether there was some attempt being made to mimic other sites that use this style.
If there is an editorial policy - or, hell, even a style guide - at Bit, I've never been made aware of it in the time I've worked here. My words are my own, no-one else's. (Also, you're finding "cough" as a synonym for "admit" difficult to follow, but you've used the word "outwith?" Even I don't use the word "outwith!")
bawjaws 5th August 2014, 16:14
Quote:
Originally Posted by Gareth Halfacree
(Also, you're finding "cough" as a synonym for "admit" difficult to follow, but you've used the word "outwith?" Even I don't use the word "outwith!")

That's because you're not Scottish :D It's pretty commonly used here, but not, er, outwith, Scotland.

Anyway, thanks for answering my question regarding the style guidelines (or absence thereof). I should say that I very much enjoy reading your articles, despite my obvious inability to grasp that words often have more than one meaning :D
Gareth Halfacree 5th August 2014, 16:20
Quote:
Originally Posted by bawjaws
That's because you're not Scottish :D It's pretty commonly used here, but not, er, outwith, Scotland.
That I did not know.
Quote:
Originally Posted by bawjaws
I should say that I very much enjoy reading your articles, despite my obvious inability to grasp that words often have more than one meaning :D
Why, thank you. I aim to please!
bawjaws 5th August 2014, 16:39
Quote:
Originally Posted by Gareth Halfacree
That I did not know.
Good of you to cough to that. ;)

Get yourself up here for a bit and a) I'll buy you a pint and b) you can marvel at how two countries can speak the same language so differently (although if you're from Yorkshire then you probably already speak a different language from other parts of England) :D

I do find the vernacular of computer journalism quite interesting, and those particular examples are just a couple that I've noticed becoming more widespread over time. Was just idly wondering whether those were uses that you'd picked up from somewhere, or indeed if you'd use them in a context other than the headline for one of your articles.
Gareth Halfacree 5th August 2014, 16:50
Quote:
Originally Posted by bawjaws
Get yourself up here for a bit and a) I'll buy you a pint and b) you can marvel at how two countries can speak the same language so differently
Oh, I've been to Scotland before, but never managed to get myself into a conversation involving the word "outwith!"
Quote:
Originally Posted by bawjaws
(although if you're from Yorkshire then you probably already speak a different language from other parts of England) :D
Eee bah gum and all that.
Quote:
Originally Posted by bawjaws
I do find the vernacular of computer journalism quite interesting, and those particular examples are just a couple that I've noticed becoming more widespread over time. Was just idly wondering whether those were uses that you'd picked up from somewhere, or indeed if you'd use them in a context other than the headline for one of your articles.
Would I use "cough" instead of "admit" outside of a headline? Yes, even though it's not particularly elegant - especially given it's a corruption of "cough up," which is more commonly used to refer to the reluctant parting of a person and a sum of money than information or admissions. It is, however, short and sharp, making for good headline fodder. There is also the delightful mental image it conjures of a PR person trying to mask the word "yes" with a cough when asked whether a particularly bad story is true - again a key feature of headlines, which need to grab the reader's attention with mental imagery in order to get them to read the story itself.

As for its usage outside headlines, you'll find it used in several of my stories over the past few years - usually as the past-tense "coughed." Paragraph three, paragraph one, paragraph four, paragraph two to name but a few examples.