Tue 27 April 2010 | -- (permalink)

Apache.org, which makes the world's most popular web server, was recently hacked.  Their public post-mortem of the event is impressive in its frankness and completeness.  The hack itself was made possible by a variety of vulnerabilities including software bugs (XSS exploits in JIRA), misconfigured security settings (leaving UsePAM enabled in sshd_config), and social engineering (sending people a fake password reset form).

Go read the Apache report, even if you're not normally interested in that kind of thing, if only to help prevent yourself from becoming part of the problem when this happens to your company.