Date: Mon, 18 Jan 2010 16:15:42 -0500 (EST)
From: Josh Bressers <bressers@...hat.com>
To: oss-security <oss-security@...ts.openwall.com>
Subject: BerliOS.de compromise

Hello all,

As some of you have heard, it seems that BerliOS was compromised recently.
http://lwn.net/Articles/369633/
http://www.h-online.com/open/news/item/BerliOS-open-source-project-portal-falls-victim-to-attack-903990.html

I've mailed the BerliOS admins with no reply. I'm wondering if anyone has 
any additional details regarding this.

The Apache group had a similar incident some years back, and did an 
incredible job of documenting things:
http://www.apache.org/info/20010519-hack.html

I suspect that given the large number of distributions this will affect, 
some sort of coordinated effort may be in order. Unless we are given 
evidence to the contrary, I think it must be presumed that source hosted at
berlios.de is not secure and needs to be inspected.

This topic was briefly brought up on a Fedora mailing list:
http://lists.fedoraproject.org/pipermail/devel/2010-January/129156.html

I suspect each distribution will have their own list of sources that need
inspection.

Thanks.

-- 
    JB
