WineHQ database compromise - One More Linux Project Fail
Jeremy White, Codeweavers Founder has announced that access to the WineHQ database has been compromised. "On the one hand, we saw no evidence of harm to any database. We saw no evidence of any attempt to change the database (and candidly, using the real appdb or bugzilla is the easy way to change the database). Unfortunately, the attackers were able to download the full login database for both the appdb and bugzilla. This means that they have all of those emails, as well as the passwords. The passwords are stored encrypted, but with enough effort and depending on the quality of the password, they can be cracked." Anybody who has reused a password stored there probably wants to make some changes fairly soon.
Attackers have used phpMyAdmin, an open source database administration tool, to access the WineHQ project's database and harvest users' appdb and bugzilla access credentials. Wine (Wine Is Not an Emulator) is free open source software that allows users to run Windows applications on Linux and Unix by providing its own native replacements for Windows DLLs. Hosted on SourceForge, Wine source code is licensed under the LGPL. The Wine Project is sponsored by CodeWeavers, which also shares its own code updates with the Project.
Jeremy White, Codeweavers Founder has announced that access to the WineHQ database has been compromised. "On the one hand, we saw no evidence of harm to any database. We saw no evidence of any attempt to change the database (and candidly, using the real appdb or bugzilla is the easy way to change the database). Unfortunately, the attackers were able to download the full login database for both the appdb and bugzilla. This means that they have all of those emails, as well as the passwords. The passwords are stored encrypted, but with enough effort and depending on the quality of the password, they can be cracked." Anybody who has reused a password stored there probably wants to make some changes fairly soon.
Attackers have used phpMyAdmin, an open source database administration tool, to access the WineHQ project's database and harvest users' appdb and bugzilla access credentials. Wine (Wine Is Not an Emulator) is free open source software that allows users to run Windows applications on Linux and Unix by providing its own native replacements for Windows DLLs. Hosted on SourceForge, Wine source code is licensed under the LGPL. The Wine Project is sponsored by CodeWeavers, which also shares its own code updates with the Project.
Author Info
Mohit Kumar aka 'Unix Root' is Founder and Editor-in-chief of 'The Hacker News'. He is a Security Researcher and Analyst, with experience in various aspects of Information Security. Other than this : He is an Internet Activist, Strong supporter of Anonymous & Wikileaks. Follow him @ Twitter | LinkedIn | Google | Email | Facebook Profile
