[ISN] Crackers target open source software websites

From: InfoSec News (isnat_private)
Date: Thu May 31 2001 - 00:11:52 PDT

  • Next message: InfoSec News: "[ISN] OpenPGP Alliance omits PGP Security"

    http://it.mycareer.com.au/breaking/2001/05/31/FFXQ0QREDNC.html
    
    Thursday 31 May, 2001
    By BARRY PARK 
    FAIRFAX IT
    
    Open source software portal Sourceforge has published details of the
    server compromise that forced the group to reset all its users'
    passwords.
    
    The postmortem follows news today that another open source portal,
    themes.org, had also been struck down by crackers.
    
    Late today the group's website was defaced by crackers before being
    replaced with a message the website was experiencing "fairly major
    technical difficulties".
    
    The website has since been stripped from the server and replaced with
    a "page not found" error message.
    
    Open source news portal Slashdot was also reporting today that the
    website for the Apache Web server software had been compromised.
    
    Sourceforge said today that crackers broke into its servers after a
    Sourceforge worker's password was sniffed from a cracked third-party
    Internet service provider.
    
    Sourceforge said without revealing the exact details that the attack
    affected one of its project shell servers.
    
    "It has been determined that this security compromise (of one
    SourceForge.net project shell server) was not caused by fault in the
    shell server itself; no exploits were used to penetrate the security
    on this host," the group said in a statement posted on its website
    today.
    
    "Rather, security was compromised as result of a related breach on a
    host of an upstream ISP for one SourceForge.net staff member. In this
    case, the user had logged in to the compromised ISP's host, then to
    the SourceForge.net project shell server; as result of the compromised
    nature of the ISP's host, it was possible for the intruder to capture
    the password the SourceForge.net staff member used in accessing that
    shell server.
    
    "The SourceForge.net team has since established more rigorous
    guidelines for host connectivity, so as to reduce the risk involved
    with this type of security compromise," it said.
    
     
    
    
    ISN is hosted by SecurityFocus.com
    ---
    To unsubscribe email isn-unsubscribeat_private
    



    This archive was generated by hypermail 2b30 : Thu May 31 2001 - 02:20:03 PDT