In the spirit of openness, the Apache Foundation has released an excellent post-mortem write-up of their recent compromise. It started with an XSS attack leveraged through the issue-tracking software they use (JIRA) and ended with complete root access on one server, limited access to another, and a number of compromised passwords.
Read the entire story at https://blogs.apache.org/infra/entry/apache_org_04_09_2010