By Dan Goodin in San Francisco
1st December 2010
The main source-code repository for the Free Software Foundation has
been taken down following an attack that compromised some of the
website's account passwords and may have gained unfettered
The SQL-injection attacks on GNU Savannah exploited holes in Savane, the
open-source software hosting application that was spun off from
SourceForge, Matt Lee, a campaigns manager for the Free Software
Foundation, told The Register. The attackers were then able to obtain
the entire database of usernames and hashed passwords, some of which
were decrypted using brute-force techniques.
Project managers took GNU Savannah offline on Saturday, more than 48
hours after the attack occurred. They expect to bring the site back
online on Wednesday, although they're not guaranteeing it will be fully
functional. Out of an abundance of caution, restored data will come from
a backup made on November 24, prior to the compromise. Lee said there's
no reason to believe any of the source code hosted on the site was
affected by the breach.
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery
Network, Cisco Switches, SAS 70 Type II Datacenter.
Find peace of mind, Defend your Critical Infrastructure.