
SourceForge Hacked & Aftermath

Published on February 6, 2011, in News.

Reputable open source project repository SourceForge has confirmed reports of a hacking attack on its servers and the Concurrent Versions System (CVS).

The attack is believed to have been aimed at capturing passwords, as the SSH service was found to have been modified to perform password capturing [5].

SourceForge has taken multiple security measures in response to this incident, for example moving from CVS to Subversion to keep track of its open source software.

Read the full attack report at [5].

SourceForge has also emailed all its members to reset their passwords since detection of the incident [6].

We recently experienced a directed attack on SourceForge infrastructure (http://sourceforge.net/blog/sourceforge-net-attack) and so we are resetting all passwords in the sf.net database – just in case. We’re emailing all sf.net registered account holders to let you know about this change to your account.

Our investigation uncovered evidence of password sniffing attempts. We have no evidence to suggest that your password has been compromised. But, what we definitely don’t want is to find out in two months that passwords were compromised and we didn’t take action.

So, as a proactive measure we’ve invalidated your SourceForge.net account password. To access the site again, you’ll need to go through the email recovery process and choose a shiny new password.

Remember to change the password for the rest of your accounts too. ;)

References

[1] Dennis Fisher. SourceForge Site Compromised By Attackers. January 28, 2011.

[2] Sucuri Research Blog. SourceForge.net servers compromised. January 28, 2011.

[3] SourceForge.net: Project SourceForge. SourceForge.net Attack Update. January 28, 2011.

[4] Jeremy Kirk. After attack, SourceForge speeds move to new security model. January 31, 2011.

[5] SourceForge Admin. SourceForge Attack: Full Report. January 29, 2011.

[6] John Leyden. SourceForge applies global password reset after hack attack. January 31, 2011.

 

Also read: [EZINE] Owned and Exposed – Issue No. 2.

It is mentioned there that hackers can easily backdoor the software repository of SourceForge.
