http://www.theregister.co.uk/2010/12/01/gnu_savannah_hacked/ By Dan Goodin in San Francisco The Register 1st December 2010 The main source-code repository for the Free Software Foundation has been taken down following an attack that compromised some of the website's account passwords and may have gained unfettered administrative access. The SQL-injection attacks on GNU Savannah exploited holes in Savane, the open-source software hosting application that was spun off from SourceForge, Matt Lee, a campaigns manager for the Free Software Foundation, told The Register. The attackers were then able to obtain the entire database of usernames and hashed passwords, some of which were decrypted using brute-force techniques. Project managers took GNU Savannah offline on Saturday, more than 48 hours after the attack occurred. They expect to bring the site back online on Wednesday, although they're not guaranteeing it will be fully functional. Out of an abundance of caution, restored data will come from a backup made on November 24, prior to the compromise. Lee said there's no reason to believe any of the source code hosted on the site was affected by the breach. [...] ___________________________________________________________ Tegatai Managed Colocation: Four Provider Blended Tier-1 Bandwidth, Fortinet Universal Threat Management, Natural Disaster Avoidance, Always-On Power Delivery Network, Cisco Switches, SAS 70 Type II Datacenter. Find peace of mind, Defend your Critical Infrastructure. http://www.tegataiphoenix.com/Received on Tue Nov 30 2010 - 22:38:44 PST
This archive was generated by hypermail 2.2.0 : Tue Nov 30 2010 - 22:43:28 PST