PostNuke Open Source CMS Attacked

ValourX writes "This morning the developers of the free software content management system PostNuke posted a security announcement saying that a vulnerability in the paFileDB download management software allowed an attacker to put up a hacked version of PostNuke for download. That version was live on the PostNuke download site between Sunday at 23:50 GMT and Tuesday at 8:30 GMT. Proprietary software zealots are always saying that open source programs are likely to contain backdoors, but is this situation truly what they mean when they say that? NewsForge (part of OSTG) has the story."

A list of websites?

[Pan+T.+Hose]

Could anyone post a list of websites which might have downloaded and installed that backdoor so we could avoid posting any sensitive information there until we know for sure that the problem has already been resolved? Just looking on a website it is not always obvious which content management software is being used and whether any such software was installed on that server at all (e.g. there can be lots of virtual servers on any physical host, some of them using that software, while other do not). I wouldn't want to send my credit card number (or even an email address) to any website hosted on a backdored server.

Re:PostNuke

That's one of the stupidist comments I've heard. Just because it's popular in your world means jack shit.

I'd never heard of it either.

You know what? Some people have never heard of Slashdot. GASP!

Get over yourself.