Open source WineHQ database breached
Emails, passwords of AppDB, Bugzilla users stolen
Computerworld - For the second time in two months, a major open-source project has been breached. This time, the victim is the WineHQ project, which manages Wine, an open-source technology that lets users install and run Windows applications on Linux, Mac, Solaris and other operating systems.
WineHQ earlier this week disclosed that someone had managed to break into one of its database systems and gain access to an open-source PHP tool that allows remote management of databases.
In a note announcing the flaw, Wine developer Jeremy White said it's unclear how the intruder was able to gain unauthorized access to the PHP utility. "It was either by compromising an admin's credentials, or by exploiting an unpatched vulnerability in phpmyadmin," White wrote.
White is also the founder and CEO of Codeweavers, a company that sponsors the Wine project.
WineHQ had "reluctantly" decided to allow application developers to remotely access the PHP utility because it is "a very handy tool, and something they very much wanted," White said. "But it is a prime target for hackers, and apparently our best efforts at obscuring it and patching it were not sufficient."
According to White, there appears to be no immediate evidence of harm to any databases, though it would have been relatively easy for malicious hackers to cause damage.
However, the attackers managed to harvest all the login information of users of the Wine Application Database (AppDB) and Bugzilla, the WineHQ bug tracking system, White added. "This means that they have all of [the email addresses], as well as the passwords," of AppDB and Bugzilla users, he said.
"The passwords are stored encrypted, but with enough effort and depending on the quality of the password, they can be cracked," White said. "This, I'm afraid, is a serious threat; it means that anyone who uses the same email/password on other systems is now vulnerable to a malicious attacker using that information to access their account."
WineHQ is resetting the passwords of all affected users, he added.
WineHQ is the second open-source project to be breached in the past two months. In August, hackers broke into Kernel.org, the home of the Linux project, and gained administrative access to several servers within the Kernel.org infrastructure.
That breach led to a subsequent breach that resulted in several websites, including Linux.com and LinuxFoundation.org, being pulled offline in September.
WineHQ is hosted on SourceForge, an open-source software development site that hosts more than 260,000 open-source projects. SourceForge itself was hacked in January in an attack that some believe might have been intended to corrupt projects hosted on the site. It wasn't immediately clear if this week's WineHQ breach was related in any way to the attack on SourceForge. White did not immediately respond to a request for comment.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan.