
SourceForge Down After Attack [Updated]

timothy posted more than 3 years ago | from the their-bad-childhood-affects-you dept.

Open Source 143

Animats writes "SourceForge, a hosting site for many open source projects, is down today. Management claims they were attacked: 'We detected a direct targeted attack that resulted in an exploit of several SourceForge.net servers, and have proactively shut down a handful of developer centric services to safeguard data and protect the majority of our services.' Currently, CVS and SVN access to source code, even for reading, is unavailable, and there is no announced restoration time." (SourceForge and Slashdot are both part of Geeknet, Inc.) Update: 01/27 22:17 GMT by T : Mark Ramm of SourceForge contributes an update and some clarification: the site is up, and SVN is available, though CVS isn't. There's also a follow-up post on the site's blog.


First Trout! (-1, Offtopic)

Anonymous Coward | more than 3 years ago | (#35024560)

I am a fish, and I don't have CVS or SVN access.

Re:First Trout! (0)

Anonymous Coward | more than 3 years ago | (#35025742)

fish go m00 oh yes they do!

Attack by prononymous? (2)

Toe, The (545098) | more than 3 years ago | (#35024564)

Now who would go and attack SourceForge? Microsoft? Oracle?

I just don't see why anyone would target an OSS repository.

Re:Attack by prononymous? (0)

Anonymous Coward | more than 3 years ago | (#35024640)

That's what I thought. Then again does every attack need to have a political statement?

Re:Attack by prononymous? (4, Interesting)

quanticle (843097) | more than 3 years ago | (#35024702)

Well, if you wanted to sneak malicious code into an open-source project, cracking its repository might be a good way to do so.

Re:Attack by prononymous? (1)

Securityemo (1407943) | more than 3 years ago | (#35024740)

It would be smarter to target the developer's box.

Re:Attack by prononymous? (2)

Lanteran (1883836) | more than 3 years ago | (#35024974)

But what if you wanted to do it en masse- plus the fact that you get to target the code of the entire project all at once.

Re:Attack by prononymous? (1)

Jane_Dozey (759010) | more than 3 years ago | (#35025770)

It's simple for the devs, now alerted to a potential compromise, to just branch the repo and do a quick diff between the last known good revision and the one on the server. I doubt a big public attack is going to compromise many projects and those it does manage to compromise are probably mismanaged anyway.

Re:Attack by prononymous? (0)

Anonymous Coward | more than 3 years ago | (#35026510)

Because there would be no possible way to crack a versioning system, especially if you already have the know-how to get past systems whose primary purpose is to protect a machine, right?

Granted, maybe (probably) you have copies elsewhere to compare against, but I would not assume that earlier versions stored on the same system are secure.

And I am no expert on CVS or SVN, but I bet there could be an argument that there is some sort of checksum in place to guard against corrupted files. But you can always create a new checksum, too. (And this line of arguments can usually go on ad infinitum)

Re:Attack by prononymous? (0)

Anonymous Coward | more than 3 years ago | (#35024738)

Now who would go and attack SourceForge? Microsoft? Oracle?

I just don't see why anyone would target an OSS repository.

There are always failures in society, even amongst criminals.

You take the Japanese Yakuza - their motto is to go after the rich and get money through extortion or other coercion and blackmail from the wealthy and wealthy corporations. On the other end of the criminal spectrum you have the criminals that prey on the weak, vulnerable and the open. Be that scum that rob Salvation Army, old people or the handicapped.

So, whom would go after SF.net? Some failure at life, that's whom.

Re:Attack by prononymous? (3, Informative)

Nadaka (224565) | more than 3 years ago | (#35024852)

You are romanticizing the Yakuza. They went after poor shopkeepers as much as the wealthy.

Re:Attack by prononymous? (4, Funny)

insertwackynamehere (891357) | more than 3 years ago | (#35025554)

You just don't get it. Everything in glorious Nippon is perfect! One day, I will travel there and they will embrace me for my love of their cartoons.

Baka gaijin.

Re:Attack by prononymous? (2)

HeckRuler (1369601) | more than 3 years ago | (#35024814)

Heinous villainous scum that need to be dragged out into the street, beaten, tarred, feathered, and beaten again for good measure. That's who.

Re:Attack by prononymous? (2)

f8l_0e (775982) | more than 3 years ago | (#35024922)

I see your dragging, beating, tarring, feather, and beaten and raise you a draw and quartering.

Re:Attack by prononymous? (5, Funny)

tverbeek (457094) | more than 3 years ago | (#35024882)

Someone who really doesn't like the new Slashdot design?

Re:Attack by prononymous? (1)

amicusNYCL (1538833) | more than 3 years ago | (#35025532)

Maybe the governments of Tunisia, Egypt, or Yemen, for example, object to these:

http://sourceforge.net/search/?q=proxy [sourceforge.net]

Re:Attack by prononymous? (1)

History's Coming To (1059484) | more than 3 years ago | (#35025644)

LOIC was hosted on SourceForge. Five people were arrested in the UK today for (from the looks of it) using it. I'm not inferring anything, if I did it would be conspiracy theory...I'm just curious as to whether the events are unrelated?

Re:Attack by prononymous? (2)

PopeRatzo (965947) | more than 3 years ago | (#35025764)

I just don't see why anyone would target an OSS repository.

The attack is probably blowback from the anger over the Slashdot design changes. Misguided, of course, but understandable? You tell me.

Re:Attack by prononymous? (3, Insightful)

jellomizer (103300) | more than 3 years ago | (#35026178)

So if Microsoft and Oracle got attacked we would all be laughing at them and making fun of their poor security. But if SourceForge got attacked it is nothing but sympathy. Umm, I want to know as an OpenSource Software user... How were they able to break in? Where was the hole? Should we be worried about our software as well?

Hope they have checksums... (2)

Anonymous Coward | more than 3 years ago | (#35024572)

One hopes they have checksums when they come back up to make sure people have slipped shit in.

Re:Hope they have checksums... (2)

mlts (1038732) | more than 3 years ago | (#35024918)

Heck with checksums. PGP/gpg signed manifest files with SHA-512 hashes for every file stored, from source code tarballs to documentation, and the PGP/gpg keys signed by multiple trustworthy keys in a WOT. This way, dropping in a fake key on a keyserver, then some signed binaries would be found out almost immediately.

For RPMs, if they are not gpg signed by someone, there is a security lapse. Same with Windows .MSI files which don't have Authenticode signatures (although the Windows certificate for a private key does cost some cash, but at least a PGP/gpg signature should be provided.)

Re:Hope they have checksums... (1)

larry bagina (561269) | more than 3 years ago | (#35026044)

wouldn't be an issue if they were using git. Every commit, every object is stored by SHA-1 hash. Additionally, developers have their own copy of the entire project and can verify that there were no other changes.

Qui bono? (1)

SilverHatHacker (1381259) | more than 3 years ago | (#35024582)

What point is there to hitting SourceForge?

Re:Qui bono? (3, Interesting)

Securityemo (1407943) | more than 3 years ago | (#35024672)

Because it's a high-profile site, and presumably staffed by people who know what they are doing? Eg., for the kicks?

Re:Qui bono? (5, Insightful)

dave562 (969951) | more than 3 years ago | (#35024836)

That was my thought. Everyone talks about how OSS is so secure. If you had a bone to pick with that notion, why not go over one of the highest profile examples of OSS? I'm sure that they're running Apache, right? Probably MySQL too? Surely they aren't hosting their site on IIS and powering it with Asp.Net, are they?

It would be great if situations like this brought the entire computer using community closer together. The reality is that no matter how epically great your software might be, there are people out there looking to bring it down. It doesn't matter if you run Microsoft, Apple or OSS. There are bugs in your applications and there are incentives for finding and exploiting those bugs.

Re:Qui bono? (-1)

E IS mC(Square) (721736) | more than 3 years ago | (#35025790)

>> Everyone talks about how OSS is so secure

Hyperbole much? Who is this *everyone*? I have not seen any claims of "so secure". At least not from the people who actually actively contribute. The claims I have seen are something like "it's open so it can be looked by anybody who knows". That just implies that if there is a security problem, there are better chances that they would be known compared to proprietary code.

It's a different matter that some OSS programs are more secure than their closed counterparts. IIS was known to have several issues a while back, while Apache had better track record - that's a proven fact. Nobody ever claimed Apache was the bestest securest evaaar evaar!

Re:Qui bono? (4, Insightful)

dave562 (969951) | more than 3 years ago | (#35025982)

It isn't hyperbole when it is trotted out time and time again as one of the benefits of OSS. Stability and Security are two of the corner stones that OSS advocates build their arguments against "closed source" on top of. Some of the others are cost and portability of data.

To say that "nobody" has claimed that Apache is best ever is just as extreme of a statement as the original one I made about "everybody" talking about how secure OSS is.

Re:Qui bono? (2)

icebraining (1313345) | more than 3 years ago | (#35026264)

I think for some projects, Linus' Law does apply -at least, it makes sense- but it obviously doesn't mean any OSS code is perfectly secure nor even that the average OSS project is more secure than proprietary code.

But I don't see how a single attack on SF proves anything; you'd have to make a study across a statistically valid sample of projects to determine if, eliminated all other variables, OSS code has or not a better track record.

Re:Qui bono? (0)

Anonymous Coward | more than 3 years ago | (#35026294)

Still that's a pretty big dick move. If or when the community finds out who it is, the blowback from it is likely to be fairly harsh.
(May not be SourceForge's stance to do anything, but a lot of people will be pissed off when you mess with their free software.)

Re:Qui bono? (1)

Sumbius (1500703) | more than 3 years ago | (#35024692)

What point is there to hitting SourceForge?

Someone clearly didn't like open source. I wonder who they were..

Re:Qui bono? (2)

McNihil (612243) | more than 3 years ago | (#35024790)

Possibly a misdirection and general smoke and mirrors technique but I doubt it... Could be that they hit the wrong IP... network order error and it was 60.181.34.216 that is inside China that was the true target and not sourceforge.

Now with that IP one could glean some more info WHY an attack was necessary.... and so on.

Re:Qui bono? (0)

Anonymous Coward | more than 3 years ago | (#35025076)

They are a bunch of communists. They give away software for the betterment of mankind (and softkind!)

Traitorous bastards!

Re:Qui bono? (1)

Hatta (162192) | more than 3 years ago | (#35025190)

To hide back doors in source code?

And nothing of value was lost (-1)

Anonymous Coward | more than 3 years ago | (#35024592)

Just make sourceforge.org a CNAME for github.com or code.google.com and bow out. You had a good run.

Why (2, Interesting)

Anrego (830717) | more than 3 years ago | (#35024602)

What the hell did sourceforge ever do to anyone?

I guess this could have been an attempt to spread some malware or something (by poisoning popular projects)?

Off topic: how many people actually download directly from sourceforge any more. I have to imagine the majority of users (even before the mass ubuntu influx) get their stuff second hand through their favorite distro’s repository these days. I know I haven’t been there with any regularity since my `ol slackware days *tugs pants up past waist*.

Re:Why (2)

BJ_Covert_Action (1499847) | more than 3 years ago | (#35024684)

Could be some hot young group of crackers just wants to make a name for themselves.

Re:Why (4, Insightful)

quanticle (843097) | more than 3 years ago | (#35024750)

If you're using OSS software on Windows, SourceForge is the place to go. This fact lends support to my hypothesis that the attack was cover for injecting malware into open-source projects. Windows is malware's biggest target, and users are beginning to gravitate towards using open source tools over piracy (mainly due to fears of malware, ironically enough). With that in mind, I guess Sourceforge was a pretty big target for crackers.

Re:Why (1)

Anonymous Coward | more than 3 years ago | (#35025296)

There is at least one very popular and highly rated piece of software on SF that distributes binaries bundled with spyware at the time of writing, this isn't related to the present event though.

Re:Why (4, Insightful)

Securityemo (1407943) | more than 3 years ago | (#35025750)

Have the SF admins been notified of this? And this claim is based on manual binary dissection, not just it tripping AV "behaviour analysis"? And lastly, what are you up to if you're not telling which one?

Re:Why (1)

Anonymous Coward | more than 3 years ago | (#35026094)

Why would you say that without naming the software? Without that, you'll just be (rightfully) ignored.

Re:Why (1)

Anonymous Coward | more than 3 years ago | (#35026488)

http://en.wikipedia.org/wiki/PDFCreator#Inclusion_of_malware

Re:Why (1)

Alanbly (1433229) | more than 3 years ago | (#35024752)

Yes, but some of us are developing software and use the sourceforge repository. First and foremost, sourceforge is about development and creativity, not strictly software distribution.

Re:Why (1)

Anrego (830717) | more than 3 years ago | (#35026080)

Of course.. but developers of software projects don't make a good target for malware injection.

Re:Why (0)

LanMan04 (790429) | more than 3 years ago | (#35024756)

I know I haven’t been there with any regularity since my `ol slackware days *tugs pants up past waist*.

Double old-man points for using a backtick instead of a single quote

Minus 10,000 nerd points for putting it on the wrong side of "ol"

Re:Why (0)

Anonymous Coward | more than 3 years ago | (#35024798)

Github

Re:Why (1)

story645 (1278106) | more than 3 years ago | (#35024824)

I build a lot of the libraries I use from source and use a lot of the dev versions, so I end up at sourceforge a decent amount of time. Actually, considering that two of the biggest python libraries are hosted on sourceforge (scipy/numpy) and I really need to update my local versions, this even kind of affects me.

Re:Why (2)

Charliemopps (1157495) | more than 3 years ago | (#35025054)

Because Sourceforge only hosts Linux software right?

Re:Why (2)

westlake (615356) | more than 3 years ago | (#35025058)

What the hell did sourceforge ever do to anyone?

Sourceforge is root canal. The valley of the shadow.

The living dead.

FOSS is more than Linux -
and the bare repository of files is of no use to anyone unless you know what you are looking for.

Windows doesn't have a repository. What it does have is resources like Download.com. One-stop shopping for editorial reviews, tutorials, screenshots, demos and so on.

Re:Why (2)

Nimey (114278) | more than 3 years ago | (#35025208)

Windows users will d/l their binaries directly.

Re:Why (1)

maxume (22995) | more than 3 years ago | (#35025272)

They have a really crappy web interface for the mailing list archives that they host.

Re:Why (4, Informative)

diamondsw (685967) | more than 3 years ago | (#35025310)

I have to imagine the majority of users get their stuff second hand through their favorite distro's repository these days.

Yes, because everyone who uses SourceForge is on Linux. There is such a thing as open source Windows and Mac software you know.

Re:Why (0)

Anonymous Coward | more than 3 years ago | (#35025434)

Many repos pull straight from sourceforge.

Re:Why (0)

Anonymous Coward | more than 3 years ago | (#35026190)

Maybe someone should look at your own door step we know that the US security services think they have the ultimate right to control everything (fuck as like do they) maybe some of obama binladen ramadamadingdongs crew could also be guilty or it could be the chinks they are the next bunch that think they have a right to control every single thing on the planet .

Re:Why (1)

mug funky (910186) | more than 3 years ago | (#35026680)

it's the SCO inserting patented code for later legal action.

Aw, crap. (3, Interesting)

Nefarious Wheel (628136) | more than 3 years ago | (#35024630)

This has to be a moneyed interest.

Whoever you are, out there, you're not a clever geek, you're just an asshole.

Re:Aw, crap. (1)

Securityemo (1407943) | more than 3 years ago | (#35024832)

Maybe they are a clever geek asshole? Or even better, a group of clever geek assholes?

Or a classhole (0)

Anonymous Coward | more than 3 years ago | (#35025948)

http://xkcd.com/72/

Re:Aw, crap. (0)

Anonymous Coward | more than 3 years ago | (#35024880)

This has to be a moneyed interest.

Whoever you are, out there, you're not a clever geek, you're just an asshole.

as opposed to other hacking instances?

Re:Aw, crap. (1)

Abstrackt (609015) | more than 3 years ago | (#35025014)

as opposed to other hacking instances?

I miss the good old days when hacking was considered a good thing. You know, when it meant doing more with less than the bare minimum or just screwing around with your own hardware to use it in unintended ways without pissing anybody off.

Re:Aw, crap. (1)

amicusNYCL (1538833) | more than 3 years ago | (#35025080)

This has to be a moneyed interest.

Why can't it be a government interest carpet-bombing the location of a single piece of software it finds offensive or illegal?

Re:Aw, crap. (1)

babywhiz (781786) | more than 3 years ago | (#35025116)

They are really, really, dumb. For real.

Re:Aw, crap. (1)

westlake (615356) | more than 3 years ago | (#35025298)

This has to be a moneyed interest.

Trust me on this.

Sourceforge has probably soured more users on open source than any other website on the planet.

     

Re:Aw, crap. (1)

Blakey Rat (99501) | more than 3 years ago | (#35025390)

No kidding. Maybe it's being "attacked" by a good Samaritan sick of dealing with SourceForge's particular brand of unusable crap.

Hey, maybe SourceForge will actually wake up, pay attention to the site, and *improve* it as a result of this!

Nah.

LOL M$ Windoze Pwnd AGAIN! (-1)

Anonymous Coward | more than 3 years ago | (#35024652)

Sourceforge should have used Linux instead of Windoze, which is a n00b O$.

Re:LOL M$ Windoze Pwnd AGAIN! (0)

Anonymous Coward | more than 3 years ago | (#35025028)

There are so many stupid things in your post and subject line I don't even know where to start. Are all cool 7337 hackers as educated as you are?

Re:LOL M$ Windoze Pwnd AGAIN! (0)

Anonymous Coward | more than 3 years ago | (#35025120)

Not at all. Many are as stupid as you.

Pebble in a shoe? (1)

mapzta (1924598) | more than 3 years ago | (#35024734)

Can really free a portal for open-source software development be such a pebble in a shoe for someone? I can't think of none, *wink wink*, maybe someone who does not like stuff licensed under gpl, *nudge nudge*, oh noes... who can possibly believe in closedsource software as a future for the consumer out there? Oh, i dont know....

Re:Pebble in a shoe? (0)

Anonymous Coward | more than 3 years ago | (#35024794)

Whaddaya think folks, free web translator, or genuine broken English?

Is this today's equivalent of cutting glyphs from magazines and newspapers and pasting them onto a torn up grocery bag?

Re:Pebble in a shoe? (1)

amicusNYCL (1538833) | more than 3 years ago | (#35025106)

I can't think of none, *wink wink*, maybe someone who does not like stuff licensed under gpl, *nudge nudge*

No less than three governments are currently trying to contain revolutions or mass protests. Why can't one of them be launching attacks against open-source tools to help people communicate?

Why not slashdot? (-1)

Anonymous Coward | more than 3 years ago | (#35024802)

If they'd only take slashdot down, maybe they'd ditch these stupid changes and revert?

Re:Why not slashdot? (1)

SadButTrue (848439) | more than 3 years ago | (#35025000)

I like the new layout, but I want the old icons back

seems to be up for me (1, Redundant)

ravenspear (756059) | more than 3 years ago | (#35024810)

sourceforge.net [sourceforge.net]

Re:seems to be up for me (1)

Migala77 (1179151) | more than 3 years ago | (#35024844)

Oh great, now you've slashdotted it, soon it will be down again!

Re:seems to be up for me (0)

Anonymous Coward | more than 3 years ago | (#35025164)

Oh great, now you've slashdotted it, soon it will be down again!

Insert recursion here!

Re:seems to be up for me (0)

Anonymous Coward | more than 3 years ago | (#35026436)

Oh great, now you've slashdotted it, soon it will be down again!

Insert recursion here!

Insert recursion here!

Password Database stolen? (3, Interesting)

Securityemo (1407943) | more than 3 years ago | (#35024914)

Since they took down SFTP access, presumably someone got their hands on passwords/the password database.

Slashdot (5, Funny)

chargersfan420 (1487195) | more than 3 years ago | (#35024932)

Good thing Slashdot is still up and running!

Unless... it was replaced with an impostor with some bad design decisions!

Re:Slashdot (0)

Anonymous Coward | more than 3 years ago | (#35024982)

Would we know the difference?

Re:Slashdot (3, Funny)

Anonymous Coward | more than 3 years ago | (#35025070)

I knew something was suspicious with cmdrBurrito

Re:Slashdot (2)

sorak (246725) | more than 3 years ago | (#35025130)

Good thing Slashdot is still up and running!

Unless... it was replaced with an impostor with some bad design decisions!

So the bad news is that slashdot got hacked. The good news is that they fixed Idle.

Re:Slashdot (2)

demonbug (309515) | more than 3 years ago | (#35025352)

Good thing Slashdot is still up and running!

Unless... it was replaced with an impostor with some bad design decisions!

So the bad news is that slashdot got hacked. The good news is that they fixed Idle.

Nope, I can still see it.

Re:Slashdot (1)

sznupi (719324) | more than 3 years ago | (#35026604)

If the goal of the attacks turns out to be corruption of the new Slashcode / its SF project... is there anybody here who would be really surprised? ;)

possible explanation (5, Interesting)

Anonymous Coward | more than 3 years ago | (#35024938)

http://www.exploit-db.com/papers/15823/

You would think that the authors of Ettercap, one of the most popular
whitehat pentesting tools, would know the basics of security.
Apparently they don't, or they just don't give a shit about what
happens to their users.

So, why is their website so insecure? Ettercap's message board is
hosted at Sourceforge, so they share a server with thousands of other
customers. Every single customer is able to execute commands and
access the other project directories. Pretty stupid, eh? You only need
to find one hole in one hosted site and you can access ALL the project
databases. Of course that isn't ALoR's fault, it's Sourceforge's
fault. Regardless, people who care about security and data integrity
wouldn't use such a shitty provider, would they?

Re:possible explanation (0)

Anonymous Coward | more than 3 years ago | (#35025048)

darn, messed up the formatting. this was obviously meant as a quote.

Re:possible explanation (1)

Securityemo (1407943) | more than 3 years ago | (#35025126)

Too late, the bomber is already on its way. Just jack a vespa and pray that you clear the blast radius.

Re:possible explanation (1)

Anonymous Coward | more than 3 years ago | (#35025366)

ok.

Sent from my iPhone

Re:possible explanation (0)

Anonymous Coward | more than 3 years ago | (#35025888)

>> Sent from my iPhone

Hey, make sure you give a good blowjob to Steve. He needs some love.

Re:possible explanation (1)

Migala77 (1179151) | more than 3 years ago | (#35026482)

darn, messed up the formatting.

Looks like Slashdot is as insecure as SourceForge, you've messed up the whole website!

Re:possible explanation (3, Insightful)

Securityemo (1407943) | more than 3 years ago | (#35025098)

So, basically, there was no compartmentalization at all (chroot, etc.) between project web pages/data, and as anyone hosted there could upload anything to their web page, it was just a matter of time? How did this not happen earlier, if not through someone just uploading a shell to their own webpage?

Crazy or Stupid (1)

MonsterTrimble (1205334) | more than 3 years ago | (#35025008)

The attacker(s) really must be either. Taking down a benign and beloved website which is frequented by a legion of genius coders is really asking for it.

Re:Crazy or Stupid (1)

FunPika (1551249) | more than 3 years ago | (#35025264)

Meh they could have done worse...they could have attacked 4chan, Wikileaks, or another site that is likely to get the whole of Anon on their asses. At worst all that would happen to them on Slashdot/Sourceforge would be us finding out a link to a website run by the attackers, posting a link to it on the front page, and letting the /. effect do the rest.

Re:Crazy or Stupid (1)

f3rret (1776822) | more than 3 years ago | (#35025610)

Honestly though I'm fairly certain that 4chan has 'hacked' itself a number of times. Seriously, I'm not sure where they organize their little raids but there's a board (well or some boards) somewhere where IPs are posted for that hideously stupid LOIC program they use for their little DDoS attacks; since most of the people there are presumably completely ignorant script kiddies, it'd be trivial for someone who was bored or had some beef with 4chan to post the IP of 4chan there and the legions of idiots would happily input it into their version of LOIC and voila 4chan hacks itself.

Up for me (2)

TheDigitalNinja (1407501) | more than 3 years ago | (#35025010)

Site seems to be up and working fine for me. All the way through to downloading code and executables.

Re:Up for me (0)

Anonymous Coward | more than 3 years ago | (#35025060)

yes... working... please continue to use the code you are downloading. and executing. lots of that. no need to look at it...

Take note when people post exploits (5, Interesting)

Anonymous Coward | more than 3 years ago | (#35025124)

This was posted on Full Disclosure 4 days ago. http://seclists.org/fulldisclosure/2011/Jan/424 [seclists.org]

Seems they left the backdoor open even after being notified.

Re:Take note when people post exploits (1)

Securityemo (1407943) | more than 3 years ago | (#35025430)

Mod parent up, I should have checked there before starting to ramble. Interesting thing I noticed though: that paper from exploitdb claims that those happy ninjas had access to the ettercap project account for the past 5 years.

Anonymous browsing software (-1)

Anonymous Coward | more than 3 years ago | (#35025346)

Anyone else think it could be someone trying to poison the various projects on sf that involve getting around various nations' blocking attempts? Or did the attack not look complex enough for that, TL;DNR

Bullies! (0)

Stenchwarrior (1335051) | more than 3 years ago | (#35025402)

This is the ultimate in bullying someone that doesn't deserve it. Kinda like the poor fat kid in middle school that got beat up by the entire football team because they didn't like the way I smelled.

It backfired (1)

CheerfulMacFanboy (1900788) | more than 3 years ago | (#35025950)

Somebody tried to fix the new Slashdot UI code - and it was also used by SourceForge?

SVN may be up, but SVN browsing is not (1)

Animats (122034) | more than 3 years ago | (#35026384)

SVN may be up, but SVN browse code [sourceforge.net] (via a web browser, what they call "ViewVC") is still failing.