Bugtraq mailing list archives
Re: Sourceforge compromized?
From: "Eliah Kagan" <degeneracypressure () gmail com>
Date: Fri, 2 Feb 2007 11:52:49 -0500
If the content can be shown to be present due to the actions of the YaPiG project site admins (e.g. using very weak passwords, being fooled by a sourceforge.net phishing site that steals passwords, putting the material up intentionally), a full code audit for everything from sourceforge.net is probably not necessary. -Eliah On 2/2/07, Michael Scheidell <scheidell () secnap net> wrote:
http://yapig.sourceforge.net/demo/photos/photos2291.html (no one under 18 should click on that link above, it may violate state laws doing so) Could someone from sourceforge.net comment? What else is compromised on the server? Can just anyone post anything to any directory or are there specific directories that can be hacked? Is it just yapig.sourceforge.net? Either case, I should suggest everyone be careful about what you download from sourceforge till they do a full code audit and post the results here. -- Michael Scheidell, CTO SECNAP Network Security 561-999-5000 x 1131 www.secnap.com
Current thread:
- strange behavior on Cisco 2801 Marcin (Feb 01)
- Re: strange behavior on Cisco 2801 Neil Anderson (Feb 01)
- Sourceforge compromized? Michael Scheidell (Feb 02)
- Re: Sourceforge compromized? Eliah Kagan (Feb 02)
- Re: Sourceforge compromized? Serguei A. Mokhov (Feb 02)
- Re: Sourceforge compromized? Tim (Feb 02)
- Re: Sourceforge compromized? Karl Schlitt (Feb 02)
- Sourceforge compromized? Michael Scheidell (Feb 02)
- Re: strange behavior on Cisco 2801 Neil Anderson (Feb 01)
- Re: strange behavior on Cisco 2801 Eloy Paris (Feb 02)