SourceForge, Apache hacker: Nothing personal

SourceForge, Apache hacker: Nothing personal
Joe Barr, SecurityFocus 2001-06-07

'Fluffy Bunny' claims he didn't target the open source community for attack... It just worked out that way.

Expand all | Post comment

Can this guy be serious? 2001-06-08
Feh (1 replies)

Can this guy be serious? 2001-06-09
bofh (at) hell (dot) org [email concealed]

I hope they catch him because..... 2001-06-08
HaxorSmaxor

Fluffy sucks 2001-06-08
Along with a terrible handle.... (2 replies)

Fluffy sucks 2001-06-08
Flip

Fluffy sucks 2001-06-08
me

What a joke 2001-06-08
John

Script Kiddies 2001-06-09
Anonymous

heh what a joke 2001-06-09
prodigy

Anti-disclosure may be stupid but ... 2001-06-09
Dr.Zero

Stop asking why 2001-06-09
Srin Tuar

Why doesnt matter. Motivations for doing stupid things

are not worth overanalyzing, mainly because morality

is an ineffective security system.

The only thing that matters is how he did it: sniffing

from compromised intermediaries. There is nothing a host

can do to stop users from giving out their passwords,

except train them to only type in passwords from trusted

hosts.

Those sites could also filter logins from all but a handfull

of IP's. Part of being given an account would be an entry

in hosts.allow.

The next thing to do is compartmentalize users- local exploits are as bad as remote ones.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/215/5888#5888

Bunny is a lying script kiddie... 2001-06-09
Anonymous