Information Security News mailing list archives

Intruder cracks VA Linux developer site


From: InfoSec News <isn () c4i org>
Date: Wed, 30 May 2001 04:06:50 -0500 (CDT)

http://news.cnet.com/news/0-1003-200-6077471.html?tag=mn_hd

By Robert Lemos
Special to CNET News.com 
May 29, 2001, 2:50 p.m. PT 

Update: Server seller VA Linux Systems acknowledged Tuesday that an
Internet intruder breached the security surrounding its open-source
development site, SourceForge.net.

The site's "shell server" was compromised May 22 after a SourceForge
employee logged on to an outside Internet service provider that had
already been taken over by the intruder, said Pat McGovern, site
director of SourceForge.net. When the staff member logged on to
SourceForge remotely, the intruder captured the password.

"What happened was the (ISP) was compromised and had not known it,"
McGovern said, adding that the site's administrator quickly noticed
the intruder and shut systems down. "Basically we had to go through
and rebuild the machine, and then we checked the log file of everyone
who used the machine."

Using the log file, the site's administrator sent an e-mail to warn
developers who had recently signed on to the site that their accounts
may have been compromised. Similar to what was done on the ISP's
system, the intruder who took control of the SourceForge server may
have been able to essentially "watch" as people logged on.

The e-mail warned the developers that they should change their
passwords because their accounts may have been compromised.

SourceForge is a network of sites that hosts more than 21,000
open-source development projects, giving developers the tools
necessary to update different versions of the code and allowing people
to easily search the database of projects.

After the attack, VA removed the shell service until workers could
reinstall the software and data on the server. The shell server
allowed SourceForge members to type commands into the system remotely.
On Thursday, the company posted an alert that the shell server
couldn't be used because of an "unscheduled maintenance event."

"In this case, they only got into a shell server," McGovern said.

The company also decided to shut down its "compile farm," a collection
of computers running different operating systems on which SourceForge
developers can test their software.

Unlike the intrusion into Microsoft's servers last year, in this case
few developers were worried about the vandals stealing their software.
The projects hosted by the site are open source, so "stealing" the
code makes little difference.

Although illicit modifications to the programming projects are a
concern, McGovern said the intruder didn't get that far.

This week is apparently a bad one for open-source-related sites. On
Tuesday, download site Tucows.com--which has large archives of
open-source programs--disappeared from the Net for a few hours.

The site is back up. Ross Rader, director of research for Tucows,
could not provide more details about the outage.






ISN is hosted by SecurityFocus.com