Hacker News new | comments | show | ask | jobs | submit login
Tell HN: Sourceforge servers compromised
121 points by sucuri2 2277 days ago | hide | past | web | 8 comments | favorite
Multiple sourceforge servers were compromised, so treat anything in there as compromised (including files you download, etc).

Info: http://sourceforge.net/apps/wordpress/sourceforge/2011/01/27/sourceforge-net-attack-update/

http://blog.sucuri.net/2011/01/sourceforge-net-servers-compromised.html

http://developers.slashdot.org/story/11/01/27/2059200/SourceForge-Down-After-Attack-Updated





This was posted a few days ago, probably related:

"sourceforge entry point seems still active."

http://seclists.org/fulldisclosure/2011/Jan/424

http://extraexploit.blogspot.com/2011/01/sourceforge-entry-p...


As far as I could tell, that post was just about one specific SF project that had a vulnerable PHP CMS installed on their web space. It's possible that the more general problem of projects being allowed to install/manage their own software got leveraged into a larger exploit, though.


Just yesterday, I checked out the latest version of Spim (9.0, now with Qt GUI!) from Sourceforge svn. Now I can audit the source, or just hope that attackers just wouldn't bother installing backdoors in such a minority program. I think I'll do the latter.


>"SPIM is a MIPS processor simulator, designed to run assembly language code for this architecture. The program simulates R2000 and R3000 processors, and was written by James R. Larus [...]"

http://en.wikipedia.org/wiki/SPIM


Spim! Nice to hear it's still being worked on.


The Qt GUI is nice; however, what I need more is support for acceptance testing of programs generated by the students' compilers. I guess I'll just diff the output of command-line spim like last year.


Is there a place where I can see a list of sourceforge project names? I'd really like to merge that with my list of applications now.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: