This blog is for volunteers, webmasters and administrators of associations, clubs, charities, communities and other groups. We discuss issues and trends in modern web technologies that help your organization achieve more with less.

This blog is sponsored by Wild Apricot membership software: a set of tools for membership administration, event registration, website management, online fundraising - with friendly and knowledgeable tech support.


Techsoup Site Security Breach: Visitors Urged to Take Precautions

Techsoup.org, one of the best non-profit resources online, has suffered an SQL Injection attack. The site was taken down promptly when suspicious activity was identified, but Techsoup account holders and anyone who has visited the site in the past few days are urged to take security precautions immediately.

These types of attacks are known to exploit website vulnerabilities with the intent of distributing viruses and malware.  We do not yet know all the details of this attack at this time.  We do not have any specific evidence that malware or viruses were actually distributed; however, it is possible that people who visited our websites between 8:00PM PDT, Tuesday August 5, 2008 and 7:45AM PDT, Wednesday August 6, 2008 could have been exposed to viruses or malware.  The impacted sites are:
  • www.techsoup.org
  • www.techsoup.org/stock
  • www.techsoup.org/mar
  • www.compumentor.org

We are advising anyone who visited any of the listed websites, during the hours noted above, to:

  • Make sure your anti-virus software definitions are up-to-date.
  • Run a scan of your hard drive to ensure no viruses or malware show up and follow the instructions to quarantine them.
  • Review the information at http://www.us-cert.gov/cas/tips/ about managing viruses.
  • Please continue to check this webpage (which is safe!) for further updates.

There's no specific reason to believe that the personal data of any site user has been compromised, Techsoup notes, but takes the opportunity to remind its site users to follow recommended “best practices” for safe computing. We hope that Techsoup, a vital resource for the non-profit sector, is able to resolve this issue quickly.

It's as well to note that Techsoup is far from being alone in suffering a security breach of this nature. A security attack on Convio's GetActive software systems last year resulted in personal data being accessed by an unauthorized third party, and Microsoft just recently issued a security advisory to warn of an increase in SQL Injection attacks.

This most recent attack is just another reminder that security is a critical issue -- and it's only going to become more important, as time goes on, as web users demand more and more interactivity from their online experience.

You could call this the "down side" of Web 2.0.

Many websites are happily installing various modules on their servers -- discussion boards, listservs, etc. -- and you need to remember that each one of these can be a potential doorway into your server. Check that there are no open security issues reported, change the passwords on your online accounts at least once a month, and keep your operating system and other software updated with the latest security patches.

"Balancing security and functionality is very tough," Wild Apricot's Dmitry Buterin confirms. "Many times we had to not release certain features that are very common at many other sites -- but we had to postpone it to ensure the security of our overall system."


Published Thursday, August 07, 2008 6:02 PM by Rebecca


Comments

 

Marnie Webb said:

Marnie Webb, here, co-CEO of TechSoup. Thanks for helping to spread the word about the precautionary actions that users can take. We posted the ones you quoted above and also made some other recommended actions.

I do want to emphasize that we have no reason to believe that our users' personal data was compromised but do want to remind people, as you state so well above, to take appropriate security measures with regard to passwords.

August 7, 2008 3:04 PM
 

Rebecca said:

Thanks for this, Marnie. And we'll remind people that status updates (as well as your security recommendations) are posted at http://www.techsoup.org/index.html ... and it looks like the site is coming back into operation now.

Note: the advice to update software and change passwords is still applicable, of course -- for anyone who is online, not just Techsoup users!

August 7, 2008 5:05 PM
 

Rebecca said:

We're pleased to see that Techsoup service is now restored: http://www.techsoup.org/maintenance/page10338.cfm

August 8, 2008 10:03 PM


About me - 'Curious Apricot'

I'm Rebecca Leaman, and it's my pleasure to join the Wild Apricot blog team in exploring how to use the internet and web 2.0 tools more effectively. Currently I am the primary blog writer. I work with Bonasource's Wild Apricot marketing team.

Copyright © 2008. Wild Apricot (TM) by BonaSource Inc.