//
you're reading...
IT, Security

Source Forge Hack

All of us downloading from SourceForge[1] regularly need to watch this one[2].

The SSH daemon had been compromised and thus project passwords may have been exposed.
The potential problem is that any exposed code may have been hacked itself and thus, being honest, the entire repository becomes distrusted.
Also, the notifications are being distrusted as this is exactly the kind of message we are told to ignore •everyday•. Phishing[3] it’s called.

There is a lot on news[4][5] on the issue and the SourceForge blog[6] itself is updated with information as it happens.
There is a good article there on what actions are being taken.

It is a shame that the Open Source community has been attacked in this way. The service SourceForge have offered over the years is an excellent example of the IT community working cooperatively.


References
[1]SourceForge.Net 03/02/2011
[2]Google News (SourceForge Hack) 03/02/2011
[3]Dictionary.Com (Phishing) 03/02/2011
[4]Te Register (SourceForge Response) 03/02/2011
[5]Softpedia (security) 03/02/2011
[6]SourceForge ()blog 03/02/2011


Back to top
Good luck guys.

– Posted using BlogPress from my iPhone

Advertisements

About harlekwinblog

"Thoughts of an idle mind." Information Security professional.

Discussion

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

RSS This Blog…

  • An error has occurred; the feed is probably down. Try again later.

Share me…

Bookmark and Share

Twitter Updates

February 2011
S M T W T F S
« Jan   Mar »
 12345
6789101112
13141516171819
20212223242526
2728  
%d bloggers like this: