Language Selection

English French German Italian Portuguese Spanish

WineHQ database compromise

Filed under

I am sad to say that there was a compromise of the WineHQ database system.

What we know at this point that someone was able to obtain unauthorized access to the phpmyadmin utility. We do not exactly how they obtained access; it was either by compromising an admins credentials, or by exploiting an unpatched vulnerability in phpmyadmin.

We had reluctantly provided access to phpmyadmin to the appdb developers (it is a very handy tool, and something they very much wanted). But it is a prime target for hackers, and apparently our best efforts at obscuring it and patching it were not sufficient.

So we have removed all access to phpmyadmin from the outside world.

We do not believe the attackers obtained any other form of access to the system.

Rest here

More in Tux Machines

Subresource Integrity Support Ready For Firefox 43, Chrome 45

With the upcoming releases of the Mozilla Firefox and Google Chrome web-browsers is support for the W3C Subresource Integrity (SRI) specification. The Subresource Integrity feature allows web developers to ensure that externally-loaded scripts/assets from third-party sources (e.g. a CDN) haven't been altered. The SRI specification adds a new "integrity" HTML attribute when loading such assets where you can specify a hash of the file source expected -- the loaded resource must then match the hash for it to be loaded. Read more

today's leftovers

Linux Switches/Routers

today's howtos