GNU is Not Unix

Submission: Main GNU Source Repository Server Compromised

recoiledsnake writes: The main GNU source repository server savannah.gnu.org, used as a central code repository for many GNU projects including gcc, has been compromised by a SQL injection attack and is currently offline. Attackers were able to read encrypted passwords and decrypt them, some presumably by brute force, leading to project membership access. There was no database loss since a working backup system was at least maintained. However, the attack does raise big questions about why an organization that prides itself on the security of its software failed to follow minimum basic security practices like storing password hashes instead of encrypting them and mitigating SQL injection attacks. There are no details on whether the attackers were able to sneak in malicious code to any of the projects hosted by GNU. And, as we all know from Ken Thompson's Turing Award lecture, once the compiler is compromised, it's game over.
