Backdoor Found In OpenX Ad Platform
mask.of.sanity writes "A backdoor has existed for at least seven months in a platform sold by OpenX, the self-described global leader of digital advertising, which counts the New York Post, Coca-Cola, Bloomberg and EA among its customers. The backdoor was contained within the official OpenX package and recently removed. Security researchers say it meant those who downloaded the compromised software could have provided attackers full access to their web sites."
Re:interestingly, has always been open source (Score:3, Informative)
OpenX has been through many twists and turns. I started using it with my employer when it was called phpAdsNew; it then became OpenAds; then OpenX.
It gradually went from a passably supported and FOSS-minded project to a hybrid model, with the FOSS part atrophying very quickly. It became clear to us that this was a liability and we stopped using it. We're now actively avoiding hybrid models like this.
Finding a 7-month-old backdoor vindicates our suspicions.