GNU Savannah Site Compromised

Posted by CmdrTaco on Tuesday November 30, 2010 @10:00AM from the it's-gnu/secure dept.

Trailrunner7 writes "A site belonging to the Savannah GNU free software archive was attacked recently, leading to a compromise of encrypted passwords and enabling the attackers to access restricted project material. The compromise was the result of a SQL injection attack against the savannah.gnu.org site within the last couple of days and the site is still offline now. A notice on the site says that the group has finished the process of restoring all of the data from a clean backup and bringing up access to some resources, but is still in the middle of adjusting its security settings."

1 of 99 comments (clear)

Min score:

Reason:

Sort:

Re:Encrypted passwords? by Tacvek · 2010-11-30 10:44 · Score: 4, Informative

Add to that that gcc is hosted.
GCC's code respositories are hosted on gcc.gnu.org, a machine also known as sourceware.org, which is owned and operated by Redhat and provides hosting for basically the entire GNU toolchain (automake, autoconf, binutils, GCC, gdb, glibc, and libstdc++)[1].
This attack therefore would not be able to modify the GCC sources.
[1] Notably not present are GNU's bison, libtool, m4 and make.

--
Stylish sheet to fix many problems in Slashdot's D3: https://gist.github.com/801524