SourceForge.net Resets All User Passwords in Wake of a Sniffing Attempt
By on January 29th, 2011

Attacks on passwords, security and privacy are becoming bolder and stronger. Recently, Sourceforge.net had warned its users of a possible attack on their passwords with a blog post.

sourceforge-down

Although, the blog is down now as they are carrying out database maintenance, we can still show you the email via Sathyajit that says,

Hello,

We recently experienced a directed attack on SourceForge infrastructure
(http://sourceforge.net/blog/sourceforge-net-attack/) and so we are
resetting all passwords in the sf.net database — just in case. We’re
e-mailing all sf.net registered account holders to let you know about this
change to your account.

Our investigation uncovered evidence of password sniffing attempts. We have
no evidence to suggest that your password has been compromised. But, what
we definitely don’t want is to find out in 2 months that passwords were
compromised and we didn’t take action.

So, as a proactive measure we’ve invalidated your SourceForge.net account
password. To access the site again, you’ll need to go through the email
recovery process and choose a shiny new password:

https://sourceforge.net/account/registration/recover.php

If you need help with this, feel free to e-mail us:

sfnet_ops@geek.net

We appreciate your patience with us as we work to respond to this attack.
We’ll be working through the weekend to get things back to normal as
quickly as possible.

Watch for updates on the service outages on our blog:

http://sourceforge.net/blog/

Thank you,

The SourceForge Team

Given the last fiasco at Gawker media and Mozilla, we sure have to wake up and stop using MD5.

As a failsafe method, we should reset our passwords at major websites like Google and other developer networks regularly. This can work well towards keeping you safe. You can check the Sourceforge blog for details once the page is back up.

Tags:
Author: Chinmoy Kanjilal Google Profile for Chinmoy Kanjilal
Chinmoy Kanjilal is a FOSS enthusiast and evangelist. He is passionate about Android. Security exploits turn him on and he loves to tinker with computer networks. He rants occasionally at Techarraz.com. You can connect with him on Twitter @ckandroid.

Chinmoy Kanjilal has written and can be contacted at chinmoy@techie-buzz.com.

Leave a Reply

Name (required)

Website (optional)

 
 
Copyright 2006-2012 Techie Buzz. All Rights Reserved. Our content may not be reproduced on other websites. Content Delivery by MaxCDN