Backdoor Found In OpenX Ad Platform 43
mask.of.sanity writes "A backdoor has existed for at least seven months in a platform sold by OpenX, the self-described global leader of digital advertising which counts the New York Post, Coca Cola, Bloomberg and EA among its customers. The backdoor was contained within the official OpenX package and recently removed. Security researchers say it meant those who downloaded the compromised software could have provided attackers full access to their web sites."
interestingly, has always been open source (Score:5, Interesting)
OpenX makes an interesting example of a technically open-source project that fails to benefit from open-source much at all. It's GPL'd, but they don't support any kind of public development (no public revision-control systems or anything), and they even make you register to download the source [openx.com]. The page where you do so mostly just tries to convince you not to do so. A third-party site mirrors the open-source version [opensource.be] for no-login downloads, but it seems just out of personal interest, since he's the developer of a predecessor to OpenX. It's not clear there is anybody who cares about this codebase or ever looks at it outside the company. Hence, technically open-source, but trying as hard as possible not to be.
Everything has "Hidden Backdoors" in it... (Score:3, Interesting)
Re:interestingly, has always been open source (Score:4, Interesting)
Having said that, I don't see much there that is newer than the official "community" release.
Re:interestingly, has always been open source (Score:5, Interesting)
I'm the third party you're talking about, the developer of phpAdsNew. Sadly, things took a turn for the worse when the company OpenAds (now OpenX) decided to make a business out of the advertising server. Although they've made a lot of money, the open source version has been neglected completely.
I put the download page online because I didn't like the fact that you had to register, but I'm haven't been involved in the project since 2002, so there's not much I can do about this shameful bug.