[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] BerliOS.de comrpomise
From: Nico Golde <oss-security+ml () ngolde ! de>
Date: 2010-01-20 12:31:42
Message-ID: 20100120123142.GI14634 () ngolde ! de
[Download RAW message or body]
Hi,
* Josh Bressers <bressers@redhat.com> [2010-01-18 22:16]:
> As some of you have heard, it seems that BerliOS was compromised recently.
> http://lwn.net/Articles/369633/
> http://www.h-online.com/open/news/item/BerliOS-open-source-project-portal-falls-victim-to-attack-903990.html
>
> I've mailed the BerliOS admins with no reply. I'm wondering if anyone has
> any additional details regarding this.
>
> The Apache group had a similar incident some years back, and did an
> incredible job of documenting things:
> http://www.apache.org/info/20010519-hack.html
We (Debian) also contacted them and got a rather distracting reply so far
which doesn't help much. We are thinking about informing our maintainers to
check the upstream tarballs. But given the replies in the lwn thread and a
look at git.berlios.de doesn't give the impression so far that anything has
been fixed in a secure manner. I'll keep you updated but so far at least (and
this is my personal opinion) it doesn't look to me like it would be a wise
decision to host files at BerliOS currently and that BerliOS is interested to
do what apache has been done.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
[Attachment #3 (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic