<<< Date Index >>>     <<< Thread Index >>>

Re: Sourceforge compromized?



If the content can be shown to be present due to the actions of the
YaPiG project site admins (e.g. using very weak passwords, being
fooled by a sourceforge.net phishing site that steals passwords,
putting the material up intentionally), a full code audit for
everything from sourceforge.net is probably not necessary.

-Eliah

On 2/2/07, Michael Scheidell <scheidell@xxxxxxxxxx> wrote:

http://yapig.sourceforge.net/demo/photos/photos2291.html

(no one under 18 should click on that link above, it may violate state
laws doing so)

Could someone from sourceforge.net comment? What else is compromised on
the server?

Can just anyone post anything to any directory or are there specific
directories that can be hacked?

Is it just yapig.sourceforge.net?

Either case, I should suggest everyone be careful about what you
download from sourceforge till they do a full code audit and post the
results here.

--
Michael Scheidell, CTO
SECNAP Network Security
561-999-5000 x 1131
www.secnap.com