
Mozilla Dumps Info of 76,000 Developers To Public Web Server

Posted by samzenpus
from the for-everyone's-eyes dept.
wiredmikey writes Mozilla warned on Friday that it had mistakenly exposed information on almost 80,000 members of its Mozilla Developer Network (MDN) as a result of a botched data sanitization process. The discovery was made around June 22 by one of Mozilla's Web developers, Stormy Peters, Director of Developer Relations at Mozilla, said in a security advisory posted to the Mozilla Security Blog on Friday. "Starting on about June 23, for a period of 30 days, a data sanitization process of the Mozilla Developer Network (MDN) site database had been failing, resulting in the accidental disclosure of MDN email addresses of about 76,000 users and encrypted passwords of about 4,000 users on a publicly accessible server," Peters wrote. According to Peters, the encrypted passwords were salted hashes and they by themselves cannot currently be used to authenticate with the MDN. However, Peters warned that MDN users may be at risk if they reused their original MDN passwords on other non-Mozilla websites or authentication systems.

  • by Anonymous Coward on Sunday August 03, 2014 @06:28PM (#47595951)

    The name "Mozilla" used to be among the most respected names in computing. It represented integrity, honesty, innovation, and quality software.

    Bugzilla was one of their first successes. It was widely used during the early 2000s, and some development teams still use it to this day. It's the kind of tool that helped make a lot of software development teams a lot more efficient, and it helped users do what they could to get a better experience out of the software they were using. People's lives were made better.

    And then when Phoenix/Firebird/Firefox first came on the scene, it was revolutionary. Mozilla was graciously providing us with a high-quality open source web browser that was far more secure and usable than its competitors. This new browser offered a better browsing experience for pros and new users alike. A large number of people immediately found it to be useful, and it saw widespread adoption. People's lives were made better.

    Then they released Thunderbird. Again, it was a great piece of software that many people rapidly found to be very useful. People's lives were made better.

    But then something happened. I don't know exactly what it was, but around 2010 or so things really started to slide downhill for Mozilla. Maybe it was the rise of Google Chrome, which provided some serious competition for Firefox. Maybe it was how they reacted to this competition from Chrome, by throwing away everything that made Firefox good and usable in their rush to imitate Chrome to the very last detail. Maybe it was a change in culture, with more hipsters getting involved, and taking away influence from the sensible old guard who had founded Mozilla and achieved its early success. Maybe it was the rise of mobile computing.

    Like I said, I don't know what it was. But since around 2010 we've seen nothing but total bullshit from Mozilla. All of the Firefox design changes have ruined it for a lot of users. The user experience is similar to or worse than Chrome's, but at least Chrome is a faster browser (don't waste our time with the bullshit benchmarks that Mozilla tries to use to ineffectually refute this fact). I read an article linked to from another submission here at /. about how Firefox's usage share is under 13% now [arstechnica.com], and it is even below Safari's! With Safari, Chrome and even IE giving a better experience than Firefox, it's no wonder why people are switching away!

    Then Mozilla gave Thunderbird to the community to maintain, which essentially means they killed it as a product. Then they wasted a bunch of effort on that failed authentication system (sorry, I can't even remember the name of it). And then they wasted even more on that failed mobile OS that nobody really wants. Do they seriously think they're going to compete with iOS and Android by offering a half-assed mobile OS (sorry, I can't remember its name, either) that doesn't support real native apps of any kind? Come on, every HTML5 and JS "app" I've ever seen has been total shit. And if a usable HTML5/JS app ever was created, it would probably run just fine on Android and iOS! There's no need for another mobile OS that'll be less used than even BlackBerry OS and whatever Microsoft's mobile OS is these days.

    Although I think that Mozilla has a mobile version of Firefox out now, I don't know anyone who actually uses it. I rarely hear about it, and when I do it's never positive. I do hear positive things about the mobile Opera, Chrome and Safari browsers, though. So as far as I can tell, this mobile version of Firefox is pretty much irrelevant.

    And then there were all those shenanigans recently about their former CEO who donated money to some cause that some people got offended about and whined a lot about, causing him to step down, or something like that.

    Now we have this whole data leak debacle, which is totally stupid and probably should never have even happened in the fi

  • Re:Slashdot comments (Score:2, Interesting)

    by Anonymous Coward on Sunday August 03, 2014 @07:33PM (#47596115)

    I think people in here believe that Mozilla made an honest mistake here. A mistake that wasn't a result of cost cutting or malice.

    In those instances, a little understanding is called for.

  • Re:Mozilla... (Score:3, Interesting)

    by lgw (121541) on Monday August 04, 2014 @02:34AM (#47597647) Journal

    Oh? Shame you haven't helped others like Mozilla with that. It would sure be nice if you could spread your magical immunity from human error out to others, but apparently you're too professional to share that wisdom.

    Best practices for avoiding leaks of important stuff are well known (and, really, Mozilla didn't suck here). But they had insufficient code or process review somewhere, to have had this leak. Normally, I'm all for rapid, agile development, but when it comes to the important stuff don't do that. Go slow. Get 20 people to review the change. Come back after a week or a month and review it again. It's important, don't rush it. There's very little most of us work on that's actually important, since most people don't work on life safety code, but user personal info counts.

    Sounds like the process that was supposed to scrub this info was failing for quite some time. Where was the monitoring? Where was the alerting? If a process is important, you don't let it fail silently.

    None of this is rocket science. You know how some guys go on about the difference between "software engineering" and "coding"? Yeah, sometimes it's not just BS.
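
The point raised in the last comment, that a scrubbing process must not fail silently, can be enforced with a check that runs between the sanitizer and the publish step. This is an added example, not part of the thread and not Mozilla's code; the regex patterns, the placeholder domain and the sample dump lines are assumptions constructed for illustration.

```python
import re

# Assumed patterns (not from the page): e-mail addresses, and salted-hash
# strings shaped like algo$salt$digest or algo$iterations$salt$digest.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
HASH_RE = re.compile(
    r"\b[a-z0-9_]+\$(?:\d+\$)?[A-Za-z0-9./+=]+\$[A-Za-z0-9./+=]{16,}")
# Hypothetical placeholder domain the scrubber writes in place of real ones.
ALLOWED_EMAIL_DOMAINS = {"example.invalid"}

# Constructed sample dumps: one properly scrubbed, one where scrubbing failed.
CLEAN_DUMP = "INSERT INTO users VALUES (1,'user1@example.invalid','!');\n"
DIRTY_DUMP = ("INSERT INTO users VALUES (2,'alice@example.org',"
              "'pbkdf2_sha256$12000$c2FsdHNhbHQ$" + "A" * 43 + "=');\n")


class SanitizationFailed(Exception):
    """Raised so the job exits non-zero and never reaches the publish step."""


def leak_findings(dump_text):
    """Return (line_no, kind) for every line that still holds personal data."""
    findings = []
    for no, line in enumerate(dump_text.splitlines(), 1):
        for m in EMAIL_RE.finditer(line):
            domain = m.group().rsplit("@", 1)[1].lower()
            if domain not in ALLOWED_EMAIL_DOMAINS:
                findings.append((no, "email"))
        if HASH_RE.search(line):
            findings.append((no, "password_hash"))
    return findings


def publish_gate(dump_text, alert=print):
    """Fail closed: alert and raise unless the dump is verifiably clean."""
    if not dump_text.strip():
        # An empty dump usually means the sanitizer died early; treat as failure.
        alert("sanitizer produced an empty dump")
        raise SanitizationFailed("empty output")
    findings = leak_findings(dump_text)
    if findings:
        alert(f"sanitization check failed: {len(findings)} finding(s)")
        raise SanitizationFailed(findings)
    return True
```

Wiring `alert` to a pager or mail hook and letting the exception abort the job means a broken scrubber stops publication on the first run instead of leaking for weeks.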
