Slashdot Mirror

← Back to Stories (view on slashdot.org)

MethLabs Shuts out PeerGuardian

Posted by ScuttleMonkey on from the hard-luck-and-epic-battles dept.

Lost&Confused writes to tell us Slyck News is reporting that most of Methlabs.org administration and development staff have been forced out of their own website. For the time being PeerGuardian is being hosted on sourceforge. However, users are advised to stop using the Methlabs.org and Blocklist.org hosted blocklists in favor of the Bluetack list until they can sort things out.

2 of 186 comments (clear)

  1. One of those things about the open source crowd... by suitepotato · · Score: 5, Insightful

    ...they don't tend to be very big on the business accumen. Any enterprise where stuff like this can happen, needs to have contracts in force that head them off. The big business closed source world lives and dies by contracts and legally binding agreements. The licenses on the code produced should not be where the thoughts of legalities end. Internal legal matters are perhaps far more important.

    --
    If my grammar and spelling are off, I am [distracted/tired/careless] (take your pick)
  2. "login ... and change your password" = danger by dsandler · · Score: 5, Insightful

    Without knowing any details, it's hard to know which party in this situation is the malicious one (possibly both). But this message on the methlabs.org blog is causing the Lost-In-Space-Robot in my head to wave its arms madly:

    Unfortunately, they gained access to site backups. In doing so, your passwords may have been compromised, although they are MD5 encrypted. We would like to you login to the Methlabs forums ([url redacted]) and change your password. We sincerely apologize for this issue.

    If the webmaster is telling the truth, this is an innocuous request. [Of course, sufficiently strong passwords will survive precomputed hash attacks, and it's still pretty hard to brute-force MD5 hashes (even given recent weaknesses).] However, if the webmaster is malicious, this is no different than a PayPal phishing scam: "Come visit our website (the legitimacy of which is, at best, in doubt) and enter your old password on a Web form. Go ahead, enter a new one, too. Thanks."

    The right thing to do in this case, where you have multiple parties which may all be malicious and some of which may have your passwords, in plaintext or hashed format, is probably to stop using those passwords immediately. If you use that forum password elsewhere, change it elsewhere. As for methlabs.org, the safest course of action is probably to wait and see who the good guys are before typing any passwords in, old or new.