What I Learned from the apache.org Break-in

Here’s my initial take-away after reading about the recent apache.org XSS-initiated break-in:

That’s a bare minimum; I’m still thinking about how vulnerable the organization I work for might be. Most of this probably seems obvious, but I’m betting that these and other less-than-best practices are extremely common.

Ref: https://blogs.apache.org/infra/entry/apache_org_04_09_2010

[1] This is a purely hypothetical scenario. ;)

[2] Just kidding?