by Lanigiro » 17 Dec 2014 11:30
Incidentally, assuming that binaries are still being distributed, whoever's monkeyed with Shareaza's SF project is likely causing SF to be in breach of Shareaza's license.
I would have thought SF would be quite hardened against the sort of attack that deletes big chunks of a project like that. Consider what we have seen. Someone broke into SourceForge and tampered with a project's a) repository and b) commit log. This vandal merely deleted a bunch of stuff, which will probably be restored fairly soon from an off-site backup by SF admins. But suppose our foe had been craftier. Open source stuff mostly runs the 'net, and much of it is hosted at SF. The craftier foe might well have altered the code in a repository for such a project, not to merely trash files but to sneak in a back door, and then deleted not the whole commit log but only the entries relating to the insertion of the back door. Eventually, after a new version of that project's software had been pushed out, the foe would have begun exploiting the back doors thus introduced into millions of internet hosts to create a high-bandwidth botnet or steal credit card numbers or something. Thus I expect SF to be hardened enough to make attacks of this sort, which are capable of altering either repositories or commit logs, extremely difficult.
And yet, today it seems someone did exactly that, probably at the behest of the **AA. Hmm.