SourceForge subject of password sniffing attack

Any research, news or information regarding the wide variety of techniques criminals use to take over your computers or web servers.

SourceForge subject of password sniffing attack

Postby AlphaCentauri » Sat Jan 29, 2011 3:10 pm

This one is not a phishing attempt:
http://sourceforge.net/blog/sourceforge ... ord-reset/

SourceForge.net passwords reset
Posted on Friday, January 28th, 2011 by admin

We recently experienced a directed attack on SourceForge infrastructure (http://sourceforge.net/blog/sourceforge-net-attack/) and so we are resetting all passwords in the sf.net database — just in case.

Our investigation uncovered evidence of password sniffing attempts. We have no evidence to suggest that the sniffing attempt was completed successfully. But, what we definitely don’t want is to find out in 2 months that passwords were compromised and we didn’t take action.
So, we’ve invalidated all sourceforge.net account passwords, and to access the site again, everyone will need to go through the email recovery process and choose a shiny new password:

https://sourceforge.net/account/registr ... ecover.php

We have received a lot of support and sympathy from our community, and I know our ops team is immensely grateful for all of it. Thanks again for your patience with us as we work to respond to this attack. We’ll be working through the weekend to get things back to normal as quickly as possible.


As always, when you get an email about something like this, the safe way to respond is to go to the site's home page directly by typing it into your browser manually rather than following links in the email. (The information is on their blog.)
User avatar
AlphaCentauri
You are kiillllling-a my bizinisss!
 
Posts: 5989
Joined: Thu Mar 01, 2007 3:01 am

Return to Botnets, Hijacks and Hacking

Who is online

Users browsing this forum: No registered users and 1 guest

cron