Language Selection

English French German Italian Portuguese Spanish

Sourceforge Attack: Full Report

Filed under
Security
Web

As we’ve previously announced, SourceForge.net has been the target of a directed attack. We have completed the first round of analysis, and have a much more solid picture of what happened, the extent of the impact, our plan to reduce future risk of attack. We’re still working hard on fixing things, but we wanted to share what we know with the community.

We discovered the attack on Wednesday, and have been working hard to get things back in order since then. While several boxes were compromised we believe we caught things before the attack escalated beyond its first stages.

Our early assessment of which services and hosts were impacted, and the choice to disable CVS, ishell, file uploads, and project web updates appears to have prevented any further escalation of the attack or any data corruption activities.

rest here




More in Tux Machines

today's leftovers

F2FS Tools Gain FSCK Support

The F2FS Tools v1.4.0 release introduces fsck.f2fs for fixing corrupted images/partitions for Samsung's Flash-Friendly File-System. There's also now dump.f2fs for retrieving a specific file. Additionally, the f2fs-tools 1.4 update also has bug-fixes for the stat and fibmap utilities. Last but not least is some code refactoring for the Android build. The release was mentioned today on the kernel mailing list by Samsung's Jaegeuk Kim. Read more

xorg-server 1.16.1

xorg-server 1.16.1 is now available. A single fix since Monday's 1.16.0.901, to address an issue when building Xwayland from the tarball. Julien Cristau (2): xwayland: always include drm.xml in tarballs Bump to 1.16.1 git tag: xorg-server-1.16.1 Read more

Geary Email Client Receives Major Overhaul and New Features

Geary, a lightweight email program designed around conversations and built for the GNOME desktop by the Yorba software group, has reached version 0.8 and it comes with a ton of new features. Read more