Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Tell HN: Sourceforge servers compromised
121 points by sucuri2 on Jan 28, 2011 | hide | past | favorite | 8 comments
Multiple sourceforge servers were compromised, so treat anything in there as compromised (including files you download, etc).

Info: http://sourceforge.net/apps/wordpress/sourceforge/2011/01/27/sourceforge-net-attack-update/

http://blog.sucuri.net/2011/01/sourceforge-net-servers-compromised.html

http://developers.slashdot.org/story/11/01/27/2059200/SourceForge-Down-After-Attack-Updated




This was posted a few days ago, probably related:

"sourceforge entry point seems still active."

http://seclists.org/fulldisclosure/2011/Jan/424

http://extraexploit.blogspot.com/2011/01/sourceforge-entry-p...


As far as I could tell, that post was just about one specific SF project that had a vulnerable PHP CMS installed on their web space. It's possible that the more general problem of projects being allowed to install/manage their own software got leveraged into a larger exploit, though.


Just yesterday, I checked out the latest version of Spim (9.0, now with Qt GUI!) from Sourceforge svn. Now I can audit the source, or just hope that attackers just wouldn't bother installing backdoors in such a minority program. I think I'll do the latter.


>"SPIM is a MIPS processor simulator, designed to run assembly language code for this architecture. The program simulates R2000 and R3000 processors, and was written by James R. Larus [...]"

http://en.wikipedia.org/wiki/SPIM


Spim! Nice to hear it's still being worked on.


The Qt GUI is nice; however, what I need more is support for acceptance testing of programs generated by the students' compilers. I guess I'll just diff the output of command-line spim like last year.


Is there a place where I can see a list of sourceforge project names? I'd really like to merge that with my list of applications now.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: