BrowserStack Back Online After Hack
Posted on November 11, 2014 by Kara Dunlap in Security
BrowserStack is back online after temporarily suspending service due to an attack.
The company stated it had been hacked after someone sent an email to customers claiming the company was shutting down and had failed to follow-through on promises related to security. Founded in 2011, BrowserStack is a cross-browser testing tool used to test websites and servers.
A copy of the email was posted to Pastebin.
“Not only do all of our administrators have access, but so does the general public,” the hacker claims in the email. “We have no firewalls in place, and our password policies are atrocious. All virtual machines launched are open to the public, accessible to anyone with the alpha password “nakula” on port 5901, a password which is stored in plaintext on every VM. As well, our infrastructure uses the same root passwords on all machines, which is also stored in plaintext on every VM launched (“c0stac0ff33″).”
“Given the propensity for cyber criminals to target infrastructure services such as ours, it is almost certain all of your data has been compromised,” the email states. “These passwords take no less than 15 minutes to find for anyone who is looking. We hope we have not caused you too much trouble, and to our enterprise customers who signed deals contracts based on a fabrication, we are equally sorry.”
It is not known whether any of the hacker’s claims in the email are true. According to BrowserStack, the hacker’s access was limited solely to a list of email addresses.
“All BrowserStack services are now up and running,” the company tweeted shortly after noon PST. “We are keeping a strong check and will email all users the entire analysis.”
The company said it will post a post-mortem of the attack.
BrowserStack serves some 25,000 customers and more than 520,000 registered developers across the world.
Brian Prince is a Contributing Writer for SecurityWeek.
Tags:
Fortinet to Buy Back Up to $200 Million in Stock
Posted on December 9, 2013 by Kara Dunlap in Security
Network security firm Fortinet announced on Monday that it would buy back up to $ 200 million of its stock as part of a share repurchase program expected to run through December 31, 2014.
The timing, number and value of shares repurchased under the program will be determined by Fortinet management at its discretion, with the company being able to repurchase shares from time to time in privately negotiated transactions or in open market transactions, the company said in a statement.
“The implementation of our first share repurchase program reflects Fortinet’s confidence in the long-term strength and strategy of the company, as well as our commitment to returning shareholder value,” said Ken Xie, Fortinet’s Founder, Chairman and CEO. “Though we remain focused on continuing to invest in our business to capitalize on our growth opportunities, at the same time, Fortinet’s financial performance and healthy cash flow generation allows us to be confident and opportunistic in repurchasing shares.”
While the Board of Directors has authorized the share repurchase program, the company is not obliged to repurchase any shares under the authorization, and the program may be suspended, discontinued or modified at any time, for any reason and without notice, the Fortinet said.
Tags:
