|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Sourceforge compromized?
From: Eliah Kagan (degeneracypressure
gmail.com)
Date: Fri Feb 02 2007 - 10:52:49 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
If the content can be shown to be present due to the actions of the
YaPiG project site admins (e.g. using very weak passwords, being
fooled by a sourceforge.net phishing site that steals passwords,
putting the material up intentionally), a full code audit for
everything from sourceforge.net is probably not necessary.
-Eliah
On 2/2/07, Michael Scheidell <scheidellsecnap.net> wrote:
>
> http://yapig.sourceforge.net/demo/photos/photos2291.html
>
> (no one under 18 should click on that link above, it may violate state
> laws doing so)
>
> Could someone from sourceforge.net comment? What else is compromised on
> the server?
>
> Can just anyone post anything to any directory or are there specific
> directories that can be hacked?
>
> Is it just yapig.sourceforge.net?
>
> Either case, I should suggest everyone be careful about what you
> download from sourceforge till they do a full code audit and post the
> results here.
>
> --
> Michael Scheidell, CTO
> SECNAP Network Security
> 561-999-5000 x 1131
> www.secnap.com
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]