Just try to imagine now what other projects might be compromised and what that could mean for Internet security...
On Wed, May 27, 2015 at 4:16 PM, Kevin A. McGrail <[email protected]> wrote: > Wow. Really living up to the forging of Source code... > > I've reached out to see if I can get control of the SA code and escalated > this to the ASF Board of Directors. This is unbelievable. > > Regards, > KAM > > > On 5/27/2015 6:59 PM, Joe Quinn wrote: > > > http://arstechnica.com/information-technology/2015/05/sourceforge-grabs-gimp-for-windows-account-wraps-installer-in-bundle-pushing-adware/ > > Sourceforge has been updating abandoned accounts of major projects and > adding their own advertising. The list of projects affected includes > (copied from the article): > > - Most of the Apache Foundation's projects—including Allura, Derby, > Directory Studio, the Apache HTTP server, Hadoop, OpenOffice, Solr, and > Subversion; > - The Mozilla Project's Firefox, Thunderbird, and FireFTP; > - The Evolution and Open-Xchange mail clients; > - The Drupal and WordPress content management systems; > - The Eclipse, Aptana, Komodo, MonoDevelop, and NetBeans integrated > development environments; > - The VLC, Audacious, Banshee.fm, Helix, and Tomahawk media players; > - The Reaver WPS Wi-Fi hacking tool; > - and a host of games, utilities, and other applications. > > SA has a repo on Sourceforge here: > http://sourceforge.net/projects/spamassassin/ > The latest version is 2.20, last update 2013-04-25. Thus far it appears to > have not been taken over and still serves a plain zip from the download > link. > > I recognize some of the listed authors, but I don't think any of them have > been active recently. Does anyone have access to this account so we can > maintain it or shut it down? > > > -- *Ken Simpson* CEO, MailChannels Tel: +1 604 685 7488 www.mailchannels.com Twitter <https://twitter.com/mailchannels> | LinkedIn <http://www.linkedin.com/company/mailchannels>
