https://news.ycombinator.com/item?id=12215449
It turns out that some attackers managed to breach FossHub, uploading for a short time compromised copies of popular software. This doesn't mean the software itself is compromised, only the copies supplied via FossHub as a download mirror. Notably, ClassicShell and Audacity have been hit.
The attack appears to remove the partition table (MBR at this time; not sure about GPT) on infected systems requiring some effort to repair. Incorrectly repairing and replacing the partition table can destroy data. Be sure to keep backups.
As of this writing, ClassicShell is aware of the problem and has removed the FossHub mirrors. Although, it doesn't really matter--FossHub may still be offline.
It is currently Sat Apr 20, 2024 6:56 am
ClassicShell, Audacity mirror downloads compromised
1 post
• Page 1 of 1
ClassicShell, Audacity mirror downloads compromised
by Zancarius » Wed Aug 03, 2016 11:08 am
I gave that lich a phylactery shard. Liches love phylactery shards.
-
Zancarius - Site Admin
- Posts: 3907
- Joined: Wed Jul 05, 2006 3:06 pm
- Location: New Mexico
- Gender: Male
1 post
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 4 guests