
[ISN] After attack, SourceForge speeds move to new security model

From: InfoSec News <alerts_at_nospam>
Date: Tue Feb 01 2011 - 06:46:57 GMT

By Jeremy Kirk
IDG News Service
January 31, 2011

The open-source software development site SourceForge is speeding up its
move to a new security model following a targeted attack that may have
compromised the passwords of its large user base.

SourceForge, which hosts more than 260,000 projects, discovered the
attack last Wednesday. It believes the attack was aimed at capturing

"Our analysis uncovered (among other things) a hacked SSH daemon, which
was modified to do password capture," the organization said on its blog.
"We don't have reason to believe the attacker was successful in
collecting passwords. But, the presence of this daemon and server level
access to one-way hashed, and encrypted, password data led us to take
the precautionary measure of invalidating all SourceForge user account

Other people suggested the attack may have been aimed at corrupting
projects hosted on SourceForge, and a review of code is under way to
ensure data hasn't been tampered with. Users were also sent an e-mail
informing them to reset their passwords. SourceForge said it expected
access to projects to be restored early this week.

