Hard Light Productions Forums

Off-Topic Discussion => General Discussion => Topic started by: jr2 on June 04, 2015, 06:07:55 am

Title: SourceForge takes over projects; injects malware?!
Post by: jr2 on June 04, 2015, 06:07:55 am

Unsure if this is as bad as it seems, but:

http://seclists.org/nmap-dev/2015/q2/194

The comments on reddit have links to compromised projects.

http://reddit.com/r/technology/comments/38dnue/sourceforge_has_begun_hijacking_popular_accounts/


Shorter list of more recognizable ones:

openoffice, audacity, fedora, firefox, gimp, gnu privacy guard, joomla, libre office, multiwii, neverball, nmap, sqlite, simulationcraft, snort, texworks, transmission, vlc media player, wordpress, recaptcha, apache, mame, mysql, thunderbird

So be sure to get those goodies from another source. :ick:  (alternatives mentioned in the reddit comments)

Title: Re: SourceForge takes over projects; injects malware?!
Post by: Bobboau on June 04, 2015, 08:35:50 am

yeah, and the same company owns slashdot and has been censoring any news of this for a while (http://danluu.com/slashdot-sourceforge/) (oh wait, they aren't a government, I guess this is just fine). Also, some of the affiliated projects are complicit, like filezilla, they have received complaints about this and have been like "tough ****"

related article: http://arstechnica.com/information-technology/2015/06/sourceforge-locked-in-projects-of-fleeing-users-cashed-in-on-malvertising/

I don't get why anyone was still using them as of four years ago, github had them beat on all fronts.