Feeds

Better safe than sorry: SourceForge pushes password reset

Site asks users to change up logins in security shakeup

The Power of One eBook: Top reasons to choose HP BladeSystem

Open Source software portal SourceForge is asking users to change their passwords following an update to the site's security systems.

The company said that it would require users to choose new passwords upon logging into their SourceForge user accounts.

The move comes as online retail giant eBay continues to wrestle with the fallout from a breach of its systems. That company admitted that it had been compromised, and that attackers were able to access database information that included encrypted passwords and physical address information.

More recently, eBay has moved to ward off claims that the attackers who perpetrated the breach were able to decrypt passwords and are now selling off the lifted data. Regardless, eBay users have been instructed to change their passwords as a precautionary measure.

According to SourceForge, no such breach is behind its decision to require users to change their passwords. Instead, the site said that it was implementing a new security system that will modify the way it handles and stores user credentials.

"To make sure we're following current best practices for security, we've made some changes to how we're storing user passwords," administrators said in a blog post announcing the move.

"As a result, the next time you go to login to your SourceForge.net account, you will be prompted to change your password. Once this is done, your password will be stored more securely."

When contacted, SourceForge said that the password updates were part of a previously plan, but announced security update rather than a reaction to eBay's recent trouble.

In the process of changing passwords, SourceForge is also asking users to choose a secure new password (as opposed to the incredibly weak ones users often select), and the site is reminding users of security best practices such as avoiding untrusted links and never sending password information in emails or entering them into suspicious recovery sites. ®

Designing a Defense for Mobile Applications

More from The Register

next story
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.