SourceForge falls victim to password hack; globally resets accounts

SourceForge, a giant in aiding open source software and bringing developers together, has been the target of an attack regarding their login system. The attack hit multiple areas of the site, and even after taking several precautions, SourceForge decided it would be best to simply do a global password reset.

SourceForge was quick to write up a full report of the incident on their blog and to get the word out to their users via email. The open-source host believes it stopped and removed the attack before it got too far. Server logs reveal that an SSH daemon had been modified to sniff passwords. It is unlikely that any developer passwords were compromised, but to be safe rather than sorry they performed a global password reset, explained in the email below:

We recently experienced a directed attack on SourceForge infrastructure (http://sourceforge.net/blog/sourceforge-net-attack) and so we are resetting all passwords in the sf.net database – just in case. We're emailing all sf.net registered account holders to let you know about this change to your account.

Our investigation uncovered evidence of password sniffing attempts. We have no evidence to suggest that your password has been compromised. But, what we definitely don't want is to find out in two months that passwords were compromised and we didn't take action.

So, as a proactive measure we've invalidated your SourceForge.net account password. To access the site again, you'll need to go through the email recovery process and choose a shiny new password.

Neither the source of the attack nor its exact motive is known, other than potentially allowing an attacker to upload malicious versions of open source software. SourceForge is in the process of checking updates and locking down servers to prevent any unwanted surprises or another attack in the future.

Currently, they are working on data validation comparing pre-attack backups to files appearing on the site. Services will be brought back one by one and only when safety measures and data checks are in place to prevent unauthorized actions against developers.
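A minimal version of the data validation described above, as an added example and not SourceForge's own tooling: build a SHA-256 manifest of a known-good (pre-attack backup) tree, build one of the live tree, and report files that were modified, added or went missing. The directory layout and file contents are constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path

# Added example: compare a live file tree against a manifest built from a
# known-good (pre-attack) copy. Hypothetical helper code, not SourceForge's.

def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root: Path) -> dict:
    """Map each relative file path under root to its SHA-256 digest."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            manifest[p.relative_to(root).as_posix()] = sha256_file(p)
    return manifest

def compare_trees(baseline: dict, live: dict) -> dict:
    """Classify differences: modified (digest changed), added (only in live),
    missing (only in baseline). Unchanged files are not reported."""
    return {
        "modified": sorted(k for k in baseline if k in live and baseline[k] != live[k]),
        "added": sorted(k for k in live if k not in baseline),
        "missing": sorted(k for k in baseline if k not in live),
    }

def demo() -> dict:
    """Constructed sample: a clean backup and a live tree where one binary was
    altered (as the sshd was), one file was dropped in and one was removed."""
    with tempfile.TemporaryDirectory() as t:
        backup, live = Path(t) / "backup", Path(t) / "live"
        for d in (backup / "sbin", live / "sbin", backup / "etc", live / "etc"):
            d.mkdir(parents=True, exist_ok=True)
        (backup / "sbin" / "sshd").write_bytes(b"original sshd bytes")
        (live / "sbin" / "sshd").write_bytes(b"original sshd bytes + sniffer")
        (backup / "etc" / "motd").write_text("welcome\n")
        (live / "etc" / "motd").write_text("welcome\n")
        (live / "sbin" / "dropper").write_bytes(b"unexpected new file")
        (backup / "etc" / "release").write_text("1.0\n")
        return compare_trees(build_manifest(backup), build_manifest(live))

if __name__ == "__main__":
    print(demo())
```

Any entry under "modified" is a candidate for restoration from the backup; "added" entries are the ones worth inspecting before services are brought back.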


18 Comments

Neobond said,
Good move by them

Yeah, very good and effective response. Nice to see sensible action taking place when things like this occur, here's hoping other sites/services take note of this.

Gutierrez said,
Who in the hell will even think to attack SF? Just a mad and idle person.

Yeah it sounds stupid to me. You would think that hackers would like SF for all the free software.

De.Bug said,

Yeah it sounds stupid to me. You would think that hackers would like SF for all the free software.

Um, at first glance this might make sense; however, depending on the level of hacker or the intent, OSS would have no relevance.

Hackers digging through source code for exploits is something that happens, but highly skilled hackers can dig through machine code just as easily. This is where the misconception arises that code in a higher-level language is the only way to read code, or is always easier. Mangled C code can sometimes be harder to read than the compiled machine code.

The concept of OSS being the 'only' way to understand code is something that has 'dumbed' down almost a full generation of developers by instilling the idea that 'source code' is the only way to understand how software works.

A good hacker can grab the kernel files from Windows NT, which is very closed source, and follow what it is doing just as easily or sometimes more easily than reading through source code of Linux's kernel.

OSS being a good thing, better, or easier is more 'in concept' but a 'myth'.

Good hackers exist at a 'godlike' level compared to most developers that are caught in the myth that OSS is the only way to understand software or 'reuse' code/software.

20 years ago before the current OSS movement, good programmers broke apart the machine code and worked from it, and you still see this today when you find people that distribute modified Windows NT libraries and executables that change how Windows operates just as easily as you find 'mods' for an OSS based OS.
The second part is the 'intent'; which could be a group that is targeting a large base for something like financial gain as people tend to use the same passwords across many sites, and this may have been based on the demographic they want to target or just simply this site had a lot of easy holes to garner the password data.

(BTW, it is a good idea to use different passwords on EVERY site you link your name or email with, even if you have to use a pattern of a base password that is modified based on some distinction to the site.)

Edited by thenetavenger, Jan 31 2011, 5:06pm :

Beyon_Godlike said,
SHOULDA BEEN RUNNING WINDOWS NT SERVERS
And how do you know they don't run any Windows server, at least a small part?

LauRoman said,
And how do you know they don't run any Windows server, at least a small part?

You don't normally use SSH servers on Windows.
