Archive for the ‘news’ Category
Yesterday, the official SourceForge.net blog reported a successful attack on its servers. Today another update post was published and hopefully tomorrow a more detailed one will be released.
So, today SourceForge.net published another blog post (available here) but it doesn’t contain any technical details regarding the attack. They only important point in this post is that the attacker(s) were sniffing for passwords and SourceForge.net suggests that the users should reset their passwords.
Finally, SourceForge.net released a detailed report which you can read here. Unfortunately, the juicy attack details have not been released and we just know that the attacker used a privilege escalation vulnerability to root a SourceForge.net box. Later, using the hacked accounts he attempted to penetrate to other servers. Too bad… I was hoping for a “Full Report“. Anyway…
I have just been informed through Dennis Fisher’s post that Fedora project was compromised using a hacked contributor’s SSH account. However, Fedora Infrastructure Team states that no changes were made by the attacker since they were informed of the compromised account incident fast by the legitimate owner of the account and performed to the required operations.
A few minutes ago someone told me that the well known Greek security community of grhack became an “officially” private community. In my opinion this is a strange move but I cannot comment anything since I have no clue of the goals and motivation that lead to it, as well as any underlying stories being involved.
This community has contributed a lot to the security world from publishing content in e-zines such as phrack, to presenting in security industry conferences the past two years.
Also, since they turned to a private community I’ll remove my link to their website. It will be useless having a link to a private community. Finally, best wishes and good luck with your new community. :)
I was reading the Full-Disclosure mailing list when I came across this thread. I don’t know how valid this is since I didn’t have the opportunity to see it myself and I only got the following screen capture from the mailing list.
From the FD mailing list Juha-Matti Laurio posted the following zone-h mirror of the hack:
I’m finally back having a pretty bad flu. Nevertheless, I had some great time at Berlin this year and aluc was an awesome dude! Thanks for everything.
Awesome time meeting more and more cool people. Finally, I want to apologize to our Swedish friends for my attitude during the last two days of our stay in Berlin but I was having that flu and I was really stuck with something sin was coding during that period. This resulted in spending the New Year’s Eve coding instead of partying.
So, I’m sorry about this and I’m looking forward for our next meeting.