Date: Sun, 30 Jan 2011 11:43:13 -0500
From: wac <waldoalvarez00@...il.com>
To: exploit dev <extraexploit@...il.com>
Cc: Full-Disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: sourceforge entry point seems still active.

So it actually happened! Not surprising at all. At first sight I
suspected a phishing attempt because of the email in another domain they
sent for contact in case of problems with the password reset (didn't
bother about headers anyway).

Seems mine was not compromised according to what they say "Our
analysis uncovered (among other things) a hacked SSH daemon, which was
modified to do password capture."

If I were them I would reinstall from scratch at least all SSH
servers. They all could be compromised!

On 1/30/11, exploit dev <extraexploit@...il.com> wrote:
> Sourceforge has published a full report of the attack. It seems very close
> to what I wrote in previous messages and reported in my blog posts related
> to this thread.
>
> Sourceforge Attack: Full Report
> http://sourceforge.net/blog/sourceforge-attack-full-report/
>
> On Tue, Jan 25, 2011 at 9:18 PM, exploit dev <extraexploit@...il.com> wrote:
>
>> Hi Andrew,
>>
>> just a reminder: this breach was used by a php/python/perl script to get
>> and save on the user directory a bot and a remote shell. Also you could,
>> as also reported in the owned and exposed zine, launch commands and
>> attempt privilege escalation. So I'm not so sure that this is not so
>> writable, and I think it is not right to say that it is not critical.
>>
>> Regards-.
>>
>>
>> On Tue, Jan 25, 2011 at 8:47 PM, Andrew Farmer <andfarm@...il.com> wrote:
>>
>>> On 2011-01-24, at 12:08, exploit dev wrote:
>>> > Anyway, I'm sorry to repeat my message. I think that this issue is a bit
>>> > critical but I still don't receive any feedback,
>>>
>>> It's not particularly critical by any means. SourceForge projects all
>>> have their own web space, and there are doubtless a bunch of them running
>>> vulnerable versions of software. These sites are relatively isolated, and
>>> don't have write access to the project's SCM or downloads.
>>
>>
>>
>>
>> --
>> http://extraexploit.blogspot.com
>>
>
>
>
> --
> http://extraexploit.blogspot.com
>
