SecurityFocus.com: SourceForge, Apache hacker: Nothing personal, it just worked out that way.

Jun 09, 2001, 16:30 (6 Talkback[s])
(Other stories by Joe Barr)

[ Thanks to Joe Barr for this link. ]

Fluffy Bunny is the person who compromised SourceForge, Apache.org, and themes.org. Joe Barr managed an IRC interview with someone who purports to be Fluffy Bunny and learned that the cracker's motivation for compromising the sites was among the most pragmatic: they were there.

"...In an online IRC interview, the cracker known ominously as "Fluffy Bunny" characterized his attacks as a strike against public disclosure of security holes. "i hack, dot slash or whatever you might want to call it, i do not write my own exploits, i use other people's stuff, and no im not anti-open source, i am however anti-sec. i support the anti-disclosure movement among the computer and network security communities," Bunny wrote.

Of Fluffy Bunny's recent victims, only VA Linux's Themes.org site is still down, closed for "technical problems." The company says it cannot comment until an investigation is completed."

Complete Story

Related Stories:

• SecurityPortal: A Matter of Trust: How Apache.org Was Compromised(Jun 07, 2001)
• SourceForge Outlines Nature of Shell Server Compromise(May 31, 2001)
• ApacheToday: Apache Software Foundation Server compromised, resecured.(May 31, 2001)