
Thread: The Wine Project Was Compromised

  1. #11
    Join Date
    May 2007
    Location
    Third Rock from the Sun
    Posts
    6,584

    Quote Originally Posted by droidhacker View Post
    It would seem that the world of open-source has now become a target. The fact that now THREE KNOWN sites have been compromised within a VERY short time suggests that this is an organized attack against open-source. That means that the source of the attack is probably one of the major CLOSED SOURCE vendors, especially one that feels particularly threatened by open-source -- most likely applesoft, which are under clear and direct threat, and being thoroughly beat. Apple is taking a huge hit against its iTrash by Google, and MS is losing market share to more portable devices like phones and tablets (i.e., an average home user may buy a tablet instead of a desktop/laptop now, and a tablet will have apple or google on it instead of ms).

    BS, the hacks are more than likely from the same type of crackers that have always existed. They are just realizing that you can get the same amount of "prestige" now doing so. The "security by obscurity" is just becoming less of a factor.

  2. #12

    Quote Originally Posted by phoronix View Post
    Phoronix: The Wine Project Was Compromised

    Jeremy White of CodeWeavers has announced that the WineHQ database system, used by Wine for its BugZilla and for its application rating system, was compromised by hacker(s)...

    http://www.phoronix.com/vr.php?view=OTk5NQ
    Please tell me that their passwords used hashing, rather than encryption, and that they used very long salt.

    By the way, I regret to say that I predicted this sort of intrusion in a project I am coding two months ago. I made sure that PHPMyAdmin was restricted to the loopback device so that all access would require SSH port forwarding. Had the WINE developers done the same, this would never have happened.
    Last edited by Shining Arcanine; 10-12-2011 at 10:01 AM.

  3. #13
    Join Date
    May 2007
    Location
    Third Rock from the Sun
    Posts
    6,584

    Quote Originally Posted by Shining Arcanine View Post
    Please tell me that their passwords used hashing, rather than encryption, and that they used very long salt.
    Are you implying that '123456' is not a good enough password? :P

  4. #14

    Quote Originally Posted by deanjo View Post
    Are you implying that '123456' is not a good enough password? :P
    I am implying that it is incredibly easy to brute force unsalted passwords.
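
Added example, not part of any post in this thread: a Python sketch of the difference posts #12 and #14 refer to, comparing an unsalted fast hash with a per-user salted, slow key-derivation function (PBKDF2). The account names, passwords, record format and iteration count are constructed assumptions for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this sketch
SALT_BYTES = 16              # assumed salt length; random per account

def unsalted_record(password):
    """Weak scheme: one fast hash, no salt. Equal passwords give equal records."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_record(password, salt=None):
    """Per-account random salt plus a slow KDF; the salt is stored with the hash."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return "pbkdf2_sha256${}${}${}".format(PBKDF2_ITERATIONS, salt.hex(), dk.hex())

def verify(password, record):
    """Recompute the KDF with the stored salt and compare in constant time."""
    _, iters, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)

def shared_records(table):
    """Audit check: how many accounts store a value identical to another account's."""
    counts = Counter(table.values())
    return sum(n for n in counts.values() if n > 1)

# Constructed sample accounts; two of them reuse the same weak password.
USERS = {"alice": "123456", "bob": "123456", "carol": "correct horse"}

def build_tables():
    weak = {user: unsalted_record(pw) for user, pw in USERS.items()}
    strong = {user: salted_record(pw) for user, pw in USERS.items()}
    return weak, strong

if __name__ == "__main__":
    weak, strong = build_tables()
    print("unsalted: accounts sharing a record =", shared_records(weak))
    print("salted:   accounts sharing a record =", shared_records(strong))
    print("login check:", verify("123456", strong["alice"]))
```

With the unsalted table, one computed hash matches every account that uses the same password; with per-account salts each record has to be worked on separately, and the iteration count makes each guess slower.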

  5. #15
    Join Date
    Jan 2009
    Posts
    1,678

    Microsoft is behind this



    ...puts on Faraday cage helmet

  6. #16
    Join Date
    Oct 2008
    Posts
    890

    Quote Originally Posted by Shining Arcanine View Post
    Please tell me that their passwords used hashing, rather than encryption, and that they used very long salt.

    By the way, I regret to say that I predicted this sort of intrusion in a project I am coding two months ago. I made sure that PHPMyAdmin was restricted to the loopback device so that all access would require SSH port forwarding. Had the WINE developers done the same, this would never have happened.
    What good is ssh forwarding when your ssh key is 999999999999999999999999999999999 because the person packaging your version of OpenSSH portable is an idiot?

  7. #17
    Join Date
    Oct 2008
    Posts
    890

    Quote Originally Posted by deanjo View Post
    I expect to see a lot more of this in the coming years unless many open source projects start taking security a little more seriously. There are just so many projects out there where security is an afterthought and unless a project recruits someone to be the "security hound dog" in their project it will only get worse.
    That requires an attitude that Linux is not secure, which is heresy.

  8. #18
    Join Date
    May 2007
    Location
    Third Rock from the Sun
    Posts
    6,584

    Quote Originally Posted by yogi_berra View Post
    That requires an attitude that Linux is not secure, which is heresy.
    Of course, which would require an Inquisition and a burning at the stake which Pope Stallman would surely oversee.

  9. #19
    Join Date
    Oct 2009
    Posts
    845

    Quote Originally Posted by deanjo View Post
    Of course, which would require an Inquisition and a burning at the stake which Pope Stallman would surely oversee.
    You really had to stretch yourself in order to get a jab in on Stallman here, deanjo. You come across as just another 'I am a bsd fan and as such I hate Stallman' stereotype. I'd expect better from a moderator but I guess you just can't hold it in.

  10. #20
    Join Date
    May 2007
    Location
    Third Rock from the Sun
    Posts
    6,584

    Quote Originally Posted by XorEaxEax View Post
    You really had to stretch yourself in order to get a jab in on Stallman here, deanjo. You come across as just another 'I am a bsd fan and as such I hate Stallman' stereotype. I'd expect better from a moderator but I guess you just can't hold it in.
    As it has been pointed out before, I am not a BSD fan. It's not like I said I would be glad if Stallman was gone, that would just be tasteless.
