GNU is Not Unix

Submission: Main GNU Source Repository Server Compromised

recoiledsnake writes: The main GNU source repository server savannah.gnu.org, used as a central code repository for many GNU projects including gcc, has been compromised by a SQL injection attack and is currently offline. Attackers were able to read encrypted passwords and decrypt them, some presumably by brute force, leading to project membership access. There was no database loss since a working backup system was at least maintained. However, the attack does raise big questions about why an organization that prides itself on the security of its software failed to follow minimum basic security practices like storing password hashes instead of encrypting them and mitigating SQL injection attacks. There are no details on whether the attackers were able to sneak in malicious code to any of the projects hosted by GNU. And, as we all know from Ken Thompson's Turing Award lecture, once the compiler is compromised, it's game over.
