The Wine Project Was Compromised

[deanjo]

It would seem that the world of open-source has now become a target. The fact that now THREE KNOWN sites have been compromised within a VERY short time suggests that this is an organized attack against open-source. That means that the source of the attack is probably one of the major CLOSED SOURCE vendors, especially one that feels particularly threatened by open-source -- most likely applesoft, which are under clear and direct threat, and being thoroughly beat. Apple is taking a huge hit against its iTrash by Google, and MS is losing market share to more portable devices like phones and tablets (i.e., an average home user may buy a tablet instead of a desktop/laptop now, and a tablet will have apple or google on it instead of ms).

BS, the hacks are more then likely from the same type of crackers that have always existed. They are just realizing that you can get the same amount of "prestige" now doing so. The "security by obscurity" is just becoming less of a factor.

[Shining Arcanine]

Phoronix: The Wine Project Was Compromised

Jeremy White of CodeWeavers has announced that the WineHQ database system, used by Wine for its BugZilla and for its application rating system, was compromised by hacker(s)...

http://www.phoronix.com/vr.php?view=OTk5NQ

Please tell me that their passwords used hashing, rather than encryption, and that they used very long salt.

By the way, I regret to say that I predicted this sort of intrusion in a project I am coding two months ago. I made sure that PHPMyAdmin was restricted to the loopback device so that all access would require SSH port forwarding. Had the WINE developers done the same, this would never have happened.

[deanjo]

Please tell me that their passwords used hashing, rather than encryption, and that they used very long salt.

Are you implying that '123456' is not a good enough password? :P

[Shining Arcanine]

Are you implying that '123456' is not a good enough password? :P

I am implying that it is incredibly easy to brute force unsalted passwords.

[89c51]

Microsoft is behind this



...puts on Faraday cage helmet

[yogi_berra]

Please tell me that their passwords used hashing, rather than encryption, and that they used very long salt.

By the way, I regret to say that I predicted this sort of intrusion in a project I am coding two months ago. I made sure that PHPMyAdmin was restricted to the loopback device so that all access would require SSH port forwarding. Had the WINE developers done the same, this would never have happened.

What good is ssh forwarding when your ssh key is 999999999999999999999999999999999 because the person packaging your version of OpenSSH portable is an idiot?

[yogi_berra]

I expect to see a lot more of this in the coming years unless many open source projects start taking security a little more serious. There are just so many projects out there where security is an afterthought and unless a project recruits someone to be the "security hound dog" in their project it will only get worse.

That requires an attitude that Linux is not secure, which is heresy.

[deanjo]

That requires an attitude that Linux is not secure, which is heresy.

Of course, which would require an Inquisition and a burning at the stake which Pope Stallman would surely oversee.

[XorEaxEax]

Of course, which would require an Inquisition and a burning at the stake which Pope Stallman would surely oversee.

You really had to stretch yourself in order to get a jab in on Stallman here, deanjo. You come across as just another 'I am a bsd fan and as such I hate Stallman' stereotype. I'd expect better from a moderator but I guess you just can't hold it in.

[deanjo]

You really had to stretch yourself in order to get a jab in on Stallman here, deanjo. You come across as just another 'I am a bsd fan and as such I hate Stallman' stereotype. I'd expect better from a moderator but I guess you just can't hold it in.

As it has been pointed out before, I am not a BSD fan. It's not like I said I would be glad if Stallman was gone, that would just be tasteless.