Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×
GNU is Not Unix

Submission + - Main GNU Source Repository Server Compromised

recoiledsnake writes: The main GNU source repository server, used as a central code repository for many GNU projects including gcc, has been compromised by a SQL injection attack and is currently offline. Attackers were able to read encrypted passwords and decrypt them, some presumably by brute force leading to project membership access. There was no database loss since a working backup system was at least maintained. However, the attack does raise big questions about why a organization that prides itself on the security of its software failed to follow minimum basic security practices like storing password hashes instead of encrypting them and mitigating SQL injection attacks. There are no details on whether the attackers were able to sneak in malicious code to any of the projects hosted by GNU. And, as we all know from Ken Thompson's Turing award lecture, once the compiler is compromised, it's game over.

Slashdot Top Deals

IBM Advanced Systems Group -- a bunch of mindless jerks, who'll be first against the wall when the revolution comes... -- with regrets to D. Adams