[ISN] Intruder cracks VA Linux developer site

From: InfoSec News (isnat_private)
Date: Wed May 30 2001 - 02:06:50 PDT

  • Next message: Roger Safian: "[ISN] Final reminder - 2001 FIRST conference"

    By Robert Lemos
    Special to CNET News.com 
    May 29, 2001, 2:50 p.m. PT 
    Update: Server seller VA Linux Systems acknowledged Tuesday that an
    Internet intruder breached the security surrounding its open-source
    development site, SourceForge.net.
    The site's "shell server" was compromised May 22 after a SourceForge
    employee logged on to an outside Internet service provider that had
    already been taken over by the intruder, said Pat McGovern, site
    director of SourceForge.net. When the staff member logged on to
    SourceForge remotely, the intruder captured the password.
    "What happened was the (ISP) was compromised and had not known it,"
    McGovern said, adding that the site's administrator quickly noticed
    the intruder and shut systems down. "Basically we had to go through
    and rebuild the machine, and then we checked the log file of everyone
    who used the machine."
    Using the log file, the site's administrator sent an e-mail to warn
    developers who had recently signed on to the site that their accounts
    may have been compromised. Similar to what was done on the ISP's
    system, the intruder who took control of the SourceForge server may
    have been able to essentially "watch" as people logged on.
    The e-mail warned the developers that they should change their
    passwords because their accounts may have been compromised.
    SourceForge is a network of sites that hosts more than 21,000
    open-source development projects, giving developers the tools
    necessary to update different versions of the code and allowing people
    to easily search the database of projects.
    After the attack, VA removed the shell service until workers could
    reinstall the software and data on the server. The shell server
    allowed SourceForge members to type commands into the system remotely.
    On Thursday, the company posted an alert that the shell server
    couldn't be used because of an "unscheduled maintenance event."
    "In this case, they only got into a shell server," McGovern said.
    The company also decided to shut down its "compile farm," a collection
    of computers running different operating systems on which SourceForge
    developers can test their software.
    Unlike the intrusion into Microsoft's servers last year, in this case
    few developers were worried about the vandals stealing their software.
    The projects hosted by the site are open source, so "stealing" the
    code makes little difference.
    Although illicit modifications to the programming projects are a
    concern, McGovern said the intruder didn't get that far.
    This week is apparently a bad one for open-source-related sites. On
    Tuesday, download site Tucows.com--which has large archives of
    open-source programs--disappeared from the Net for a few hours.
    The site is back up. Ross Rader, director of research for Tucows,
    could not provide more details about the outage.
    ISN is hosted by SecurityFocus.com
    To unsubscribe email isn-unsubscribeat_private

    This archive was generated by hypermail 2b30 : Wed May 30 2001 - 02:19:15 PDT