The Wine Project Was Compromised

  • #11
    Originally posted by droidhacker
    It would seem that the world of open-source has now become a target. The fact that now THREE KNOWN sites have been compromised within a VERY short time suggests that this is an organized attack against open-source. That means that the source of the attack is probably one of the major CLOSED SOURCE vendors, especially one that feels particularly threatened by open-source -- most likely applesoft, which are under clear and direct threat, and being thoroughly beat. Apple is taking a huge hit against its iTrash by Google, and MS is losing market share to more portable devices like phones and tablets (i.e., an average home user may buy a tablet instead of a desktop/laptop now, and a tablet will have apple or google on it instead of ms).

    BS, the hacks are more than likely from the same type of crackers that have always existed. They are just realizing that you can get the same amount of "prestige" now doing so. The "security by obscurity" is just becoming less of a factor.

    • #12
      Originally posted by phoronix
      Phoronix: The Wine Project Was Compromised

      Jeremy White of CodeWeavers has announced that the WineHQ database system, used by Wine for its BugZilla and for its application rating system, was compromised by hacker(s)...

      http://www.phoronix.com/vr.php?view=OTk5NQ
      Please tell me that their passwords used hashing, rather than encryption, and that they used very long salt.

      By the way, I regret to say that I predicted this sort of intrusion in a project I am coding two months ago. I made sure that PHPMyAdmin was restricted to the loopback device so that all access would require SSH port forwarding. Had the WINE developers done the same, this would never have happened.
      Last edited by Shining Arcanine; 12 October 2011, 10:01 AM.

      • #13
        Originally posted by Shining Arcanine
        Please tell me that their passwords used hashing, rather than encryption, and that they used very long salt.
        Are you implying that '123456' is not a good enough password? :P

        • #14
          Originally posted by deanjo
          Are you implying that '123456' is not a good enough password? :P
          I am implying that it is incredibly easy to brute force unsalted passwords.

          Comment
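
The point raised in posts #12 and #14, as an added example that is not part of the thread: an audit of a credential table showing that unsalted fast hashes expose every account sharing a password at once, while per-user salts with a slow KDF do not. The sample accounts are constructed, the function names are hypothetical, and PBKDF2-HMAC-SHA256 at 600,000 iterations is an assumed choice of KDF and work factor.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256

# Constructed sample accounts; two users picked the same weak password.
SAMPLE_USERS = {"alice": "123456", "bob": "123456", "carol": "correct horse"}


def unsalted_digest(password):
    """The weak scheme: one fast hash, no salt."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_record(password, salt=None):
    """Per-user random salt plus a deliberately slow key-derivation function."""
    salt = salt or os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, key = record
    return hmac.compare_digest(salted_record(password, salt)[1], key)


def shared_hash_groups(stored):
    """Audit a credential table: list users whose stored hash values collide."""
    groups = defaultdict(list)
    for user, value in stored.items():
        groups[value].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def demo():
    unsalted = {u: unsalted_digest(p) for u, p in SAMPLE_USERS.items()}
    salted = {u: salted_record(p) for u, p in SAMPLE_USERS.items()}
    return {
        "unsalted_groups": shared_hash_groups(unsalted),
        "salted_groups": shared_hash_groups({u: r[1] for u, r in salted.items()}),
        "login_ok": verify("123456", salted["alice"]),
        "login_bad": verify("1234567", salted["alice"]),
    }


if __name__ == "__main__":
    print(demo())
```

A non-empty `unsalted_groups` result on a real table is a sign that the stored values are unsalted and that one recovered password unlocks every account in the group.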


          • #15
            Microsoft is behind this



            ...puts on Faraday cage helmet

            • #16
              Originally posted by Shining Arcanine
              Please tell me that their passwords used hashing, rather than encryption, and that they used very long salt.

              By the way, I regret to say that I predicted this sort of intrusion in a project I am coding two months ago. I made sure that PHPMyAdmin was restricted to the loopback device so that all access would require SSH port forwarding. Had the WINE developers done the same, this would never have happened.
              What good is ssh forwarding when your ssh key is 999999999999999999999999999999999 because the person packaging your version of OpenSSH portable is an idiot?

              • #17
                Originally posted by deanjo
                I expect to see a lot more of this in the coming years unless many open source projects start taking security a little more seriously. There are just so many projects out there where security is an afterthought and unless a project recruits someone to be the "security hound dog" in their project it will only get worse.
                That requires an attitude that Linux is not secure, which is heresy.

                • #18
                  Originally posted by yogi_berra
                  That requires an attitude that Linux is not secure, which is heresy.
                  Of course, which would require an Inquisition and a burning at the stake which Pope Stallman would surely oversee.

                  • #19
                    Originally posted by deanjo
                    Of course, which would require an Inquisition and a burning at the stake which Pope Stallman would surely oversee.
                    You really had to stretch yourself in order to get a jab in on Stallman here, deanjo. You come across as just another 'I am a bsd fan and as such I hate Stallman' stereotype. I'd expect better from a moderator but I guess you just can't hold it in.

                    • #20
                      Originally posted by XorEaxEax
                      You really had to stretch yourself in order to get a jab in on Stallman here, deanjo. You come across as just another 'I am a bsd fan and as such I hate Stallman' stereotype. I'd expect better from a moderator but I guess you just can't hold it in.
                      As it has been pointed out before, I am not a BSD fan. It's not like I said I would be glad if Stallman was gone, that would just be tasteless.
