amerello - Slashdot User

Submission + - Sourceforge Hijacks the Nmap Sourceforge Account (seclists.org) 2

Submitted by vivaoporto on Wednesday June 03, 2015 @05:31AM

vivaoporto writes: Gordon Lyon (better known as Fyodor, author of nmap and maintainer of the internet security resource sites insecure.org, nmap.org, seclists.org, and sectools.org) warns on the nmap development mailing list that the Sourceforge Nmap account was hijacked from him.

According to him the old Nmap project page (located at http://sourceforge.net/projects/nmap/, screenshot) was changed to a blank page and its contents were moved to a new page (http://sourceforge.net/projects/nmap.mirror/, screenshot) which controlled by sf-editor1 and sf-editor3, in pattern mirroring the much discussed the takeover of GIMP-Win page discussed last week on Ars Technica, IT World and eventually this week Slashdot.

That happens after Sourceforge promises to stop "presenting third party offers for unmaintained SourceForge projects. At this time, we present third party offers only with a few projects where it is explicitly approved by the project developer, or if the project is already bundling third party offers."

To their credit Fyodor states that "So far they seem to be providing just the official Nmap files (as long as you don't click on the fake download buttons) and we haven't caught them trojaning Nmap the way they did with GIMP" but reiterates "that you should only download Nmap from our official SSL Nmap site: https://nmap.org/download.html"

Comment scary (Score 1) 238

by amerello on Tuesday January 20, 2015 @04:23PM (#48859419) Attached to: Google Thinks the Insurance Industry May Be Ripe For Disruption

This is very scary. It would even increase their motivation to mine every possible bit of personalized data they can get on everybody to create personal profiles with health issues, preferences, tendencies, affiliations, etc.

Comment Re:Sony? (Score 1) 177

by amerello on Saturday December 20, 2014 @05:25AM (#48640537) Attached to: Hackers Used Nasty "SMB Worm" Attack Toolkit Against Sony

The problem is that it doesn't just damage the entity "Sony", but also has had a large negative effect for the thousands of workers that have nothing to do with Sony's stupid decisions. Now about the attack itself, I strongly believe that this is a false flag operation. The blocking of the movie is caricaturesque in its purpose, it was certain that it would direct all the attention to North Korea. If you can organize such a high skilled attack you can and will also invest effort in covering your tracks and what's best than giving false leads. As a result of all the publicity that this attack got, the government will have green light to increase their investment on cyber offensive operations. If this was part of the original goal I don't know, but the attacker certainly knew that this would get the attention of everybody.

Comment misaligned goals (Score 1) 134

by amerello on Sunday April 13, 2014 @10:52AM (#46739825) Attached to: Obama Says He May Or May Not Let the NSA Exploit the Next Heartbleed

This is a clear indication that the government's and NSA's security concerns are absolutely misaligned with the interest of the population. They seem to serve imperialist ambitions. An indicator of concern for citizen's security would be to report such a vulnerability immediately and helping prevent the exploitation of the bugs by cyber criminals. That would be in the interest of national and international security.

Slashdot Top Deals