| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 2 Feb 2007 11:52:49 -0500 From: "Eliah Kagan" <degeneracypressure@...il.com> To: bugtraq@...urityfocus.com Subject: Re: Sourceforge compromized? If the content can be shown to be present due to the actions of the YaPiG project site admins (e.g. using very weak passwords, being fooled by a sourceforge.net phishing site that steals passwords, putting the material up intentionally), a full code audit for everything from sourceforge.net is probably not necessary. -Eliah On 2/2/07, Michael Scheidell <scheidell@...nap.net> wrote: > > http://yapig.sourceforge.net/demo/photos/photos2291.html > > (no one under 18 should click on that link above, it may violate state > laws doing so) > > Could someone from sourceforge.net comment? What else is compromised on > the server? > > Can just anyone post anything to any directory or are there specific > directories that can be hacked? > > Is it just yapig.sourceforge.net? > > Either case, I should suggest everyone be careful about what you > download from sourceforge till they do a full code audit and post the > results here. > > -- > Michael Scheidell, CTO > SECNAP Network Security > 561-999-5000 x 1131 > www.secnap.com
Powered by blists - more mailing lists