Hacker News
Tell HN: Sourceforge servers compromised
121 points by sucuri2 on Jan 28, 2011 | 8 comments
Multiple SourceForge servers were compromised, so treat anything in there as compromised (including files you download, etc.).

Info: http://sourceforge.net/apps/wordpress/sourceforge/2011/01/27/sourceforge-net-attack-update/

http://blog.sucuri.net/2011/01/sourceforge-net-servers-compromised.html

http://developers.slashdot.org/story/11/01/27/2059200/SourceForge-Down-After-Attack-Updated





This was posted a few days ago, probably related:

"sourceforge entry point seems still active."

http://seclists.org/fulldisclosure/2011/Jan/424

http://extraexploit.blogspot.com/2011/01/sourceforge-entry-p...


As far as I could tell, that post was just about one specific SF project that had a vulnerable PHP CMS installed on their web space. It's possible that the more general problem of projects being allowed to install/manage their own software got leveraged into a larger exploit, though.


Just yesterday, I checked out the latest version of Spim (9.0, now with Qt GUI!) from Sourceforge svn. Now I can audit the source, or just hope that attackers just wouldn't bother installing backdoors in such a minority program. I think I'll do the latter.


>"SPIM is a MIPS processor simulator, designed to run assembly language code for this architecture. The program simulates R2000 and R3000 processors, and was written by James R. Larus [...]"

http://en.wikipedia.org/wiki/SPIM


Spim! Nice to hear it's still being worked on.


The Qt GUI is nice; however, what I need more is support for acceptance testing of programs generated by the students' compilers. I guess I'll just diff the output of command-line spim like last year.


Is there a place where I can see a list of sourceforge project names? I'd really like to merge that with my list of applications now.



