The Wine Project Was Compromised


  • The Wine Project Was Compromised

    Phoronix: The Wine Project Was Compromised

    Jeremy White of CodeWeavers has announced that the WineHQ database system, used by Wine for its BugZilla and for its application rating system, was compromised by hacker(s)...

    http://www.phoronix.com/vr.php?view=OTk5NQ

  • #2
    This makes you think software projects are under attack and what is there to gain by doing such a thing?



    • #3
      Originally posted by DeepDayze:
      This makes you think software projects are under attack and what is there to gain by doing such a thing?
      Treasure trove of login info, since people on average probably use higher quality email accounts when bug reporting.



      • #4
        I certainly do so (my "real name mail"), but what in the world could drive someone to use the same password on a non-related website or a bugtracker that he uses for his mail account?



        • #5
          Microsoft, was that you?



          • #6
            I hope Phoronix is secure



            • #7
              Well, I think it is time for existing security measures to be reassessed. This is beyond ridiculous, it's now dangerous. I mean I use phpMyAdmin, how can I tell if my own server is safe? I'm gonna have to sit down and study this to figure out how best to secure my own data.



              • #8
                What's going on in the world? Even now there is no such "hacker ethic" that protects and helps improve open-source/free software projects (and their security).

                It's disappointing.



                • #9
                  Originally posted by alazar:
                  What's going on in the world? Even now there is no such "hacker ethic" that protects and helps improve open-source/free software projects (and their security).

                  It's disappointing.

                  I expect to see a lot more of this in the coming years unless many open source projects start taking security a little more seriously. There are just so many projects out there where security is an afterthought and unless a project recruits someone to be the "security hound dog" in their project it will only get worse.



                  • #10
                    It would seem that the world of open-source has now become a target. The fact that now THREE KNOWN sites have been compromised within a VERY short time suggests that this is an organized attack against open-source. That means that the source of the attack is probably one of the major CLOSED SOURCE vendors, especially one that feels particularly threatened by open-source -- most likely applesoft, which are under clear and direct threat, and being thoroughly beat. Apple is taking a huge hit against its iTrash by Google, and MS is losing market share to more portable devices like phones and tablets (i.e., an average home user may buy a tablet instead of a desktop/laptop now, and a tablet will have apple or google on it instead of ms).



                    • #11
                      Originally posted by droidhacker:
                      It would seem that the world of open-source has now become a target. The fact that now THREE KNOWN sites have been compromised within a VERY short time suggests that this is an organized attack against open-source. That means that the source of the attack is probably one of the major CLOSED SOURCE vendors, especially one that feels particularly threatened by open-source -- most likely applesoft, which are under clear and direct threat, and being thoroughly beat. Apple is taking a huge hit against its iTrash by Google, and MS is losing market share to more portable devices like phones and tablets (i.e., an average home user may buy a tablet instead of a desktop/laptop now, and a tablet will have apple or google on it instead of ms).

                      BS, the hacks are more than likely from the same type of crackers that have always existed. They are just realizing that you can get the same amount of "prestige" now doing so. The "security by obscurity" is just becoming less of a factor.



                      • #12
                        Originally posted by phoronix:
                        Phoronix: The Wine Project Was Compromised

                        Jeremy White of CodeWeavers has announced that the WineHQ database system, used by Wine for its BugZilla and for its application rating system, was compromised by hacker(s)...

                        http://www.phoronix.com/vr.php?view=OTk5NQ
                        Please tell me that their passwords used hashing, rather than encryption, and that they used a very long salt.

                        By the way, I regret to say that I predicted this sort of intrusion in a project I am coding two months ago. I made sure that PHPMyAdmin was restricted to the loopback device so that all access would require SSH port forwarding. Had the WINE developers done the same, this would never have happened.
                        Last edited by Shining Arcanine; 10-12-2011, 10:01 AM.
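
A check for the setup described in post #12, as an added example that is not part of the thread or any poster's code: it parses `ss -ltn` output and reports admin ports bound to anything other than loopback. The sample output and the port numbers (8080 for the phpMyAdmin web server, 3306 for MySQL) are constructed assumptions.

```python
import ipaddress

# Constructed sample of `ss -ltn` output (not taken from any real host).
# Assumed layout: phpMyAdmin's web server on 8080, MySQL on 3306.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128        127.0.0.1:8080      0.0.0.0:*
LISTEN 0      128            [::1]:8080         [::]:*
LISTEN 0      511          0.0.0.0:80        0.0.0.0:*
LISTEN 0      80           0.0.0.0:3306      0.0.0.0:*
LISTEN 0      128                *:22              *:*
"""


def is_loopback(host):
    """True only when the bind address is a loopback address."""
    host = host.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface scope
    if host == "*":                           # wildcard means every interface
        return False
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                        # unparseable: treat as exposed
        return False


def exposed_listeners(ss_output, admin_ports):
    """Return sorted (address, port) pairs for admin_ports reachable off-host."""
    findings = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                          # header or non-listening socket
        host, _, port = fields[3].rpartition(":")
        if port.isdigit() and int(port) in admin_ports and not is_loopback(host):
            findings.add((host, int(port)))
    return sorted(findings)


if __name__ == "__main__":
    # phpMyAdmin is loopback-only here, but MySQL itself is still exposed.
    for host, port in exposed_listeners(SAMPLE_SS, {8080, 3306}):
        print(f"port {port} is bound to {host}, not loopback")
```

With the admin interface bound to loopback only, it is reached through a forward such as `ssh -L 8080:127.0.0.1:8080 user@server` (placeholder names) and then opened locally at `http://127.0.0.1:8080/`.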



                        • #13
                          Originally posted by Shining Arcanine:
                          Please tell me that their passwords used hashing, rather than encryption, and that they used a very long salt.
                          Are you implying that '123456' is not a good enough password? :P



                          • #14
                            Originally posted by deanjo:
                            Are you implying that '123456' is not a good enough password? :P
                            I am implying that it is incredibly easy to brute force unsalted passwords.



                            • #15
                              Microsoft is behind this



                              ...puts on Faraday cage helmet
