If the content can be shown to be present due to the actions of the YaPiG project site admins (e.g. using very weak passwords, being fooled by a sourceforge.net phishing site that steals passwords, putting the material up intentionally), a full code audit for everything from sourceforge.net is probably not necessary. -Eliah On 2/2/07, Michael Scheidell <scheidell@xxxxxxxxxx> wrote:
http://yapig.sourceforge.net/demo/photos/photos2291.html (no one under 18 should click on that link above, it may violate state laws doing so) Could someone from sourceforge.net comment? What else is compromised on the server? Can just anyone post anything to any directory or are there specific directories that can be hacked? Is it just yapig.sourceforge.net? Either case, I should suggest everyone be careful about what you download from sourceforge till they do a full code audit and post the results here. -- Michael Scheidell, CTO SECNAP Network Security 561-999-5000 x 1131 www.secnap.com
