All of us downloading from SourceForge regularly need to watch this one.
The SSH daemon had been compromised and thus project passwords may have been exposed.
The potential problem is that any exposed code may have been hacked itself and thus, being honest, the entire repository becomes distrusted.
Also, the notifications are being distrusted as this is exactly the kind of message we are told to ignore •everyday•. Phishing it’s called.
There is a lot on news on the issue and the SourceForge blog itself is updated with information as it happens.
There is a good article there on what actions are being taken.
It is a shame that the Open Source community has been attacked in this way. The service SourceForge have offered over the years is an excellent example of the IT community working cooperatively.
Google News (SourceForge Hack) 03/02/2011
Dictionary.Com (Phishing) 03/02/2011
Te Register (SourceForge Response) 03/02/2011
Softpedia (security) 03/02/2011
SourceForge ()blog 03/02/2011
Back to top
Good luck guys.
– Posted using BlogPress from my iPhone
No comments yet.