[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 2 Feb 2007 11:52:49 -0500
From: "Eliah Kagan" <degeneracypressure@...il.com>
To: bugtraq@...urityfocus.com
Subject: Re: Sourceforge compromized?
If the content can be shown to be present due to the actions of the
YaPiG project site admins (e.g. using very weak passwords, being
fooled by a sourceforge.net phishing site that steals passwords,
putting the material up intentionally), a full code audit for
everything from sourceforge.net is probably not necessary.
-Eliah
On 2/2/07, Michael Scheidell <scheidell@...nap.net> wrote:
>
> http://yapig.sourceforge.net/demo/photos/photos2291.html
>
> (no one under 18 should click on that link above, it may violate state
> laws doing so)
>
> Could someone from sourceforge.net comment? What else is compromised on
> the server?
>
> Can just anyone post anything to any directory or are there specific
> directories that can be hacked?
>
> Is it just yapig.sourceforge.net?
>
> Either case, I should suggest everyone be careful about what you
> download from sourceforge till they do a full code audit and post the
> results here.
>
> --
> Michael Scheidell, CTO
> SECNAP Network Security
> 561-999-5000 x 1131
> www.secnap.com
Powered by blists - more mailing lists