SourceForge Detects Targeted Attack, Resets Millions of Passwords

Last week, open source software development and distribution resource SourceForgethe target of a directed attack. Once the attack was detected, the company locked down the impacted hosts to reduce the risk of escalation to other hosts. Thus, this prevented possible data gathering activities, said SourceForge. was

Consequently, it resulted in service downtime for CVS Hosting, ViewVC, New Release upload capability, and ProjectWeb/shell.

According to SourceForge, the company analysis uncovered (among other things) a hacked SSH daemon, which was modified to do password capture. Even though the company has no evidence to suggest that the sniffing attempt was successful in collecting passwords, it is taking a precautionary measure of invalidating all SourceForge user account passwords.

“What we definitely don’t want is to find out in two months that passwords were compromised and we didn’t take any action,” as per the company blog post on Friday. Hence, to access the site again, the company has asked users to recover account access by e-mail and reset the password.

The restoration work continued through the weekend with plans to begin restoring services early this week. There is a lot of data to be validated and these tests will take some time to run.  Given the negative consequences of corrupted data, the company feels it’s vital to take the time to validate everything that could potentially have been touched.

The general course of the attack was pretty standard. There was a root privilege escalation on one of the platforms, which permitted exposure of credentials that were then used to access machines with externally-facing SSH, SourceForge stated. However, the developer’s network partitioning prevented escalation to other zones of the company network. 

Now that most of the analysis is done, the firm is in the process of restoring compromised boxes from bare metal, and implementing a number of new controls to reduce likelihood of future attack. In addition, it will also be updating the credentials which reside on these hosts and perform quite a few steps to further lock down access to these machines.

Meanwhile, the open source proponent has promised to keep the process of improving security going, and will continue making behind the scenes improvements to its infrastructure on a regular basis. “This isn’t a one-time event, it’s a process, and we’re going to stay fully engaged over the long term,” asserted SourceForge.

Want to learn more about the latest in communications & technology? Then be sure to attend ITEXPO East 2011, taking place Feb 2-4, 2011, in Miami. ITEXPO (News - Alert) offers an educational program to help corporate decision makers select the right IP-based voice, video, fax and unified communications solutions to improve their operations. It's also where service providers learn how to profitably roll out the services their subscribers are clamoring for – and where resellers can learn about new growth opportunities. To register, click here.