Security News > 2011 > February > After attack, SourceForge speeds move to new security model
http://www.computerworld.com/s/article/9207241/After_attack_SourceForge_speeds_move_to_new_security_model By Jeremy Kirk IDG News Service January 31, 2011 The open-source software development site SourceForge is speeding up its move to a new a security model following a targeted attack that may have compromised the passwords of its large user base. SourceForge, which hosts more than 260,000 projects, discovered the attack last Wednesday. It believes the attack was aimed at capturing passwords. "Our analysis uncovered (among other things) a hacked SSH daemon, which was modified to do password capture," the organization said on its blog. "We don't have reason to believe the attacker was successful in collecting passwords. But, the presence of this daemon and server level access to one-way hashed, and encrypted, password data led us to take the precautionary measure of invalidating all SourceForge user account passwords." Other people suggested the attack may have been aimed at corrupting projects hosted on SourceForge, and a review of code is under way to ensure data hasn't been tampered with. Users were also sent an e-mail informing them to reset their passwords. SourceForge said it expected access to projects to be restored early this week. [...] ___________________________________________________________ Tegatai Managed Colocation: Four Provider Blended Tier-1 Bandwidth, Fortinet Universal Threat Management, Natural Disaster Avoidance, Always-On Power Delivery Network, Cisco Switches, SAS 70 Type II Datacenter. Find peace of mind, Defend your Critical Infrastructure. http://www.tegataiphoenix.com/