Submission + - Sourceforge Hijacks the Nmap Sourceforge Account (seclists.org) 2
vivaoporto writes: Gordon Lyon (better known as Fyodor, author of nmap and maintainer of the internet security resource sites insecure.org, nmap.org, seclists.org, and sectools.org) warns on the nmap development mailing list that the Sourceforge Nmap account was hijacked from him.
According to him the old Nmap project page (located at http://sourceforge.net/projects/nmap/, screenshot) was changed to a blank page and its contents were moved to a new page (http://sourceforge.net/projects/nmap.mirror/, screenshot) which controlled by sf-editor1 and sf-editor3, in pattern mirroring the much discussed the takeover of GIMP-Win page discussed last week on Ars Technica, IT World and eventually this week Slashdot.
That happens after Sourceforge promises to stop "presenting third party offers for unmaintained SourceForge projects. At this time, we present third party offers only with a few projects where it is explicitly approved by the project developer, or if the project is already bundling third party offers."
To their credit Fyodor states that "So far they seem to be providing just the official Nmap files (as long as you don't click on the fake download buttons) and we haven't caught them trojaning Nmap the way they did with GIMP" but reiterates "that you should only download Nmap from our official SSL Nmap site: https://nmap.org/download.html"
According to him the old Nmap project page (located at http://sourceforge.net/projects/nmap/, screenshot) was changed to a blank page and its contents were moved to a new page (http://sourceforge.net/projects/nmap.mirror/, screenshot) which controlled by sf-editor1 and sf-editor3, in pattern mirroring the much discussed the takeover of GIMP-Win page discussed last week on Ars Technica, IT World and eventually this week Slashdot.
That happens after Sourceforge promises to stop "presenting third party offers for unmaintained SourceForge projects. At this time, we present third party offers only with a few projects where it is explicitly approved by the project developer, or if the project is already bundling third party offers."
To their credit Fyodor states that "So far they seem to be providing just the official Nmap files (as long as you don't click on the fake download buttons) and we haven't caught them trojaning Nmap the way they did with GIMP" but reiterates "that you should only download Nmap from our official SSL Nmap site: https://nmap.org/download.html"
