in reply to search.cpan.org site attacked? Why?

What is scary about these people is what morons they are.

You have cracked a widely used repository of software. People are in the habit of downloading and running code from this repository with full administrative access. (How many of us have done this on how many different machines?) And so you go about showing your mastery of script kiddie-dom by advertising that you have compromised the site???

There are also valid questions here for the Perl community about trust...

ObConspiracyTheory: This is part of a Microsoft anti Open Source campaign. One of their difficulties is that people think open source software is more secure than Microsoft software. With recent high profile but non-destructive attacks on Sourceforge, Apache and CPAN, they cast doubt on the security of open source software, while doing no financial damage so there is guaranteed to be no FBI investigation to catch them...

  • Comment on Re (tilly) 1: search.cpan.org site attacked? Why?

Replies are listed 'Best First'.
Re: Re (tilly) 1: search.cpan.org site attacked? Why?
by xphase_work (Pilgrim) on Jun 11, 2001 at 22:27 UTC
    With recent high profile but non-destructive attacks on Sourceforge [and] Apache

    While this looks bad, these sites were comprimised due to poor administration of Sourceforge, which was claimed to be comprimised through exodus.

    So while these may reflect poorly on the software, they should reflect on the Admins. Apache handled the attack well, with quick detection, little downtime, and by making sure their software repository was not affected.

    The only thing that I'm curious about is if the attacks are linked in anyway related... was the attacker the same, was access gained via the same method?

    Also, If you find a security proplem with a site, why exploit it? Why not let the Admins know, and allow them to fix the problem? I guess I just don't understand why make the attacks at all.

    -xPhase

    Edit by tye

[reply]

In Section Meditations