//
you're reading...
IT, Security

Source Forge Hack

Posted by Leave a comment
Filed Under  , ,

All of us downloading from SourceForge[1] regularly need to watch this one[2].

The SSH daemon had been compromised and thus project passwords may have been exposed.
The potential problem is that any exposed code may have been hacked itself and thus, being honest, the entire repository becomes distrusted.
Also, the notifications are being distrusted as this is exactly the kind of message we are told to ignore •everyday•. Phishing[3] it’s called.

There is a lot on news[4][5] on the issue and the SourceForge blog[6] itself is updated with information as it happens.
There is a good article there on what actions are being taken.

It is a shame that the Open Source community has been attacked in this way. The service SourceForge have offered over the years is an excellent example of the IT community working cooperatively.

References
[1]SourceForge.Net 03/02/2011
[2]Google News (SourceForge Hack) 03/02/2011
[3]Dictionary.Com (Phishing) 03/02/2011
[4]Te Register (SourceForge Response) 03/02/2011
[5]Softpedia (security) 03/02/2011
[6]SourceForge ()blog 03/02/2011

Back to top
Good luck guys.

– Posted using BlogPress from my iPhone

About harlekwinblog

"Thoughts of an idle mind." Information Security professional.

Discussion

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

Categories

RSS This Blog…

  • An error has occurred; the feed is probably down. Try again later.

Share me…

Bookmark and Share
February 2011
S M T W T F S
 12345
6789101112
13141516171819
20212223242526
2728  

Networked

”Add Technology & Science Blogs - BlogCatalog Blog Directory

G+

Google+
%d bloggers like this: