[ISN] After attack, SourceForge speeds move to new security model

From: InfoSec News <alerts_at_private>
Date: Tue, 1 Feb 2011 00:46:57 -0600 (CST)
http://www.computerworld.com/s/article/9207241/After_attack_SourceForge_speeds_move_to_new_security_model

By Jeremy Kirk
IDG News Service
January 31, 2011

The open-source software development site SourceForge is speeding up its 
move to a new security model following a targeted attack that may have 
compromised the passwords of its large user base.

SourceForge, which hosts more than 260,000 projects, discovered the 
attack last Wednesday. It believes the attack was aimed at capturing 
passwords.

"Our analysis uncovered (among other things) a hacked SSH daemon, which 
was modified to do password capture," the organization said on its blog. 
"We don't have reason to believe the attacker was successful in 
collecting passwords. But, the presence of this daemon and server level 
access to one-way hashed, and encrypted, password data led us to take 
the precautionary measure of invalidating all SourceForge user account 
passwords."

Other people suggested the attack may have been aimed at corrupting 
projects hosted on SourceForge, and a review of code is under way to 
ensure data hasn't been tampered with. Users were also sent an e-mail 
informing them to reset their passwords. SourceForge said it expected 
access to projects to be restored early this week.

[...]


Received on Mon Jan 31 2011 - 22:46:57 PST
