After discrediting the last month the repository of the Linux kernel source code and web infrastructure Linux Foundation , became aware of an attack on another project with open source.
Project WineHQ, manager of software that allows users to Linux, Mac, FreeBSD and Solaris applications to run Windows, informs that a violation of the security of their database.
“At the moment, we know that someone could gain unauthorized access to the tool PhpMyAdmin”, – says developer Jeremy White. ”We do not know exactly how he gained access, whether it was compromised by the Administrator account or using an exploit for unpatched vulnerabilities PhpMyAdmin”.
He noted that they do not believe that the attackers could gain access to the system or in any other way, but it was enough that they can get full information on all accounts, databases and Wine Application Bugzilla.
“This means that they have access to all e-mails, as well as to all passwords,” – he told and added that, despite the fact that the stolen passwords were encrypted, password-protected poorly can be broken if the attacker exert enough effort. Thus, in the WineHQ canceled all passwords and notified the of its users.
At the same time, the Fedora Project has announced that they are asking users to change passwords and download a new public key SSH until November 30 to their accounts to continue their work.
This step does not involve breaking or disclosure of a vulnerability, they say. This is a precaution that would force users to “reconsider their security settings and go to work best with their computers.”
“Some of our users may have accounts on the newly compromised sites of important Linux, and we want to make sure that any of their SSH-keys or passwords used in the infrastructure of Fedora, not stolen, as a result of these incidents,” – explained they, and laid down new rules for choosing passwords: at least 9 characters, if you use uppercase and lowercase letters, numbers and various symbols, and not less than 20 characters if you use only lower case letters.