oss-sec mailing list archives
BerliOS.de comrpomise
From: Josh Bressers <bressers () redhat com>
Date: Mon, 18 Jan 2010 16:15:42 -0500 (EST)
Hello all, As some of you have heard, it seems that BerliOS was compromised recently. http://lwn.net/Articles/369633/ http://www.h-online.com/open/news/item/BerliOS-open-source-project-portal-falls-victim-to-attack-903990.html I've mailed the BerliOS admins with no reply. I'm wondering if anyone has any additional details regarding this. The Apache group had a similar incident some years back, and did an incredible job of documenting things: http://www.apache.org/info/20010519-hack.html I suspect that given the large number of distributions this will affect, some sort of coordinated effort may be in order. Unless we are given evidence to the contrary, I think it must be presumed that source hosted at berlios.de is not secure and needs to be inspected. This topic was briefly brought up on a Fedora mailing list: http://lists.fedoraproject.org/pipermail/devel/2010-January/129156.html I suspect each distribution will have their own list of sources that need inspection. Thanks. -- JB
Current thread:
- BerliOS.de comrpomise Josh Bressers (Jan 18)
- Re: BerliOS.de comrpomise Nico Golde (Jan 20)