Tell HN: Sourceforge servers compromised
121 points by sucuri2 2277 days ago | 8 comments
Multiple sourceforge servers were compromised, so treat anything in there as compromised (including files you download, etc).

Info: http://sourceforge.net/apps/wordpress/sourceforge/2011/01/27/sourceforge-net-attack-update/



This was posted a few days ago, probably related:

"sourceforge entry point seems still active."



As far as I could tell, that post was just about one specific SF project that had a vulnerable PHP CMS installed on their web space. It's possible that the more general problem of projects being allowed to install/manage their own software got leveraged into a larger exploit, though.

Just yesterday, I checked out the latest version of Spim (9.0, now with Qt GUI!) from Sourceforge svn. Now I can audit the source, or just hope that attackers just wouldn't bother installing backdoors in such a minority program. I think I'll do the latter.

>"SPIM is a MIPS processor simulator, designed to run assembly language code for this architecture. The program simulates R2000 and R3000 processors, and was written by James R. Larus [...]"


Spim! Nice to hear it's still being worked on.

The Qt GUI is nice; however, what I need more is support for acceptance testing of programs generated by the students' compilers. I guess I'll just diff the output of command-line spim like last year.

Is there a place where I can see a list of sourceforge project names? I'd really like to merge that with my list of applications now.
