oss-sec mailing list archives
Re: BerliOS.de comrpomise
From: Nico Golde <oss-security+ml () ngolde de>
Date: Wed, 20 Jan 2010 13:31:42 +0100
Hi, * Josh Bressers <bressers () redhat com> [2010-01-18 22:16]:
As some of you have heard, it seems that BerliOS was compromised recently. http://lwn.net/Articles/369633/ http://www.h-online.com/open/news/item/BerliOS-open-source-project-portal-falls-victim-to-attack-903990.html I've mailed the BerliOS admins with no reply. I'm wondering if anyone has any additional details regarding this. The Apache group had a similar incident some years back, and did an incredible job of documenting things: http://www.apache.org/info/20010519-hack.html
We (Debian) also contacted them and got a rather distracting reply so far which doesn't help much. We are thinking about informing our maintainers to check the upstream tarballs. But given the replies in the lwn thread and a look at git.berlios.de doesn't give the impression so far that anything has been fixed in a secure manner. I'll keep you updated but so far at least (and this is my personal opinion) it doesn't look to me like it would be a wise decision to host files at BerliOS currently and that BerliOS is interested to do what apache has been done. Cheers Nico -- Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0xA0A0AAAA For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
_bin
Description:
Current thread:
- BerliOS.de comrpomise Josh Bressers (Jan 18)
- Re: BerliOS.de comrpomise Nico Golde (Jan 20)