SourceForge Hack

All of us downloading from SourceForge[1] regularly need to watch this one[2].

The SSH daemon was compromised, so project passwords may have been exposed.
The potential problem is that any exposed code may itself have been hacked and thus, being honest, the entire repository becomes distrusted.
The notifications are also being distrusted, as this is exactly the kind of message we are told to ignore every day. Phishing[3], it's called.

There is a lot of news[4][5] on the issue, and the SourceForge blog[6] itself is being updated with information as it happens.
There is a good article there on what actions are being taken.

It is a shame that the Open Source community has been attacked in this way. The service SourceForge have offered over the years is an excellent example of the IT community working cooperatively.

[1] SourceForge.Net 03/02/2011
[2] Google News (SourceForge Hack) 03/02/2011
[3] Dictionary.Com (Phishing) 03/02/2011
[4] The Register (SourceForge Response) 03/02/2011
[5] Softpedia (security) 03/02/2011
[6] SourceForge (blog) 03/02/2011

Good luck guys.

About harlekwinblog

"Thoughts of an idle mind." Information Security professional.
