Slashdot Mirror


PostNuke Open Source CMS Attacked

ValourX writes "This morning the developers of the free software content management system PostNuke posted a security announcement saying that a vulnerability in the paFileDB download management software allowed an attacker to put up a hacked version of PostNuke for download. That version was live on the PostNuke download site between Sunday at 23:50 GMT and Tuesday at 8:30 GMT. Proprietary software zealots are always saying that open source programs are likely to contain backdoors, but is this situation truly what they mean when they say that? NewsForge (part of OSTG) has the story."

5 of 300 comments (clear)

  1. Buzzword Report! by OccidentalSlashy · · Score: 3, Funny

    Developers free software content management system PostNuke security announcement vulnerability download management software attacker hacked PostNuke download. Version PostNuke download site Sunday GMT Tuesday GMT. Proprietary software zealots open source contain backdoors.

    All I'm asking is can I get a Beowulf cluster of dat.

    --
    vicious, untreated political sewage...niche entertainment for the spiritually unattractive...worshipless pap
  2. Re:Friend or Foe by Anonymous Coward · · Score: 5, Funny
    I prefer the backdoors that I can see and deal with to the ones I cannot.


    Must... resist... goatse... troll...

  3. Re:Article submitter: -1, troll by zapp · · Score: 4, Funny

    You must have never gone to a .NET developer meeting. A few people in the CIS dept (the business side of IT, not the engineering folk) had such a club going, which I attended a few times for the free food, tshirts, copy of WinXP, copy of Dev Studio, etc.

    These guys would claim Microsoft had invented the Sun, and should be worshipped for such an achievement. It really was interesting to observe.

    At one point I won a door prize of my pick between several "writing secure code" books by MS Press. I said if I wanted to learn how to write secure code, I think I could find someone better than MS to learn from... everyone just stared at me slack jawed.

    --
    no comment
  4. Levels of incompetence by gregarican · · Score: 3, Funny
    How many levels can we progress? Lemme see:

    A site is responsible for distributing an application based on a platform that's been a script kiddie playground for years now.

    The site gets its source code respositories compromised.

    The site's maintainers apparently don't verify any MD5 checksums on a regular basis.

    The general public knownigly downloads said compromised source code without verifying any MD5 checksums either.

    Boy oh boy. I thought Windows "experts" were clueless.

  5. Re:Raise the bar. by CdnYoda · · Score: 3, Funny

    Plagarized, I have been! :-) Who is this 'Dr. Spock?' Know him, I do not...:-)

    --
    -- "May the Source be with you!"