Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 18 Jan 2010 16:15:42 -0500 (EST)
From: Josh Bressers <bressers@...hat.com>
To: oss-security <oss-security@...ts.openwall.com>
Subject: BerliOS.de comrpomise

Hello all,

As some of you have heard, it seems that BerliOS was compromised recently.
http://lwn.net/Articles/369633/
http://www.h-online.com/open/news/item/BerliOS-open-source-project-portal-falls-victim-to-attack-903990.html

I've mailed the BerliOS admins with no reply. I'm wondering if anyone has 
any additional details regarding this.

The Apache group had a similar incident some years back, and did an 
incredible job of documenting things:
http://www.apache.org/info/20010519-hack.html

I suspect that given the large number of distributions this will affect, 
some sort of coordinated effort may be in order. Unless we are given 
evidence to the contrary, I think it must be presumed that source hosted at
berlios.de is not secure and needs to be inspected.

This topic was briefly brought up on a Fedora mailing list:
http://lists.fedoraproject.org/pipermail/devel/2010-January/129156.html

I suspect each distribution will have their own list of sources that need
inspection.

Thanks.

-- 
    JB

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.