Skip to main content

SourceForge accused of hijacking Nmap project account

Open source software download site SourceForge has come under criticism again, this time for allegedly taking over the account of the Nmap security auditing software, according to its developer in an email to users.

The news comes days after SourceForge was accused of “hijacking” the account of image editing program, GIMP and bundling it in a downloader with adware. According to a report from Ars Technica, SourceForge has been assuming control of pages that are inactive.

Related Videos

“The old Nmap project page is now blank,” said Nmap’s developer Gordon “Fyodor” Lyon, who posted on Seclists after making the discovery. He claims that SourceForge, which is owned by Slashdot Media, has moved all of Nmap’s content to a new page that only SourceForge has control of.

“So far they seem to be providing just the official Nmap files (as long as you don’t click on the fake download buttons) and we haven’t caught them trojaning Nmap the way they did with GIMP,” he said. “But we certainly don’t trust them one bit!”

Lyon added that he will ask Sourceforge to remove the new page and directed users to the official Nmap website for downloading the program.

In response, SourceForge’s senior director of business development Roberto Galoppini stated that it has never modified the Nmap project at all.

“We find no indication that the “nmap” project has ever contained files, delivered any downloads, or had any changes made aside from the automated migration from our old SourceForge platform to the new platform which is powered by Apache Allura,” he wrote in a reply to Ars Technica’s queries.

“At the end of 2011, we established a SourceForge-hosted mirror of the nmap software, using verbatim copies of nmap’s releases, and have continued to keep that mirror up-to-date since.”

Earlier this week, SourceForge also published a blog stating that from now on any third party offers for un-maintained SourceForge projects will be opt-in only. This was in response to bundling ads with GIMP.

The code repository was sharply criticized for its practice when it was revealed that the Windows version of GIMP was archived on a SourceForge mirror site and loaded with third party ads, or adware. Sourceforge had done so as the GIMP page on its site had been left unmaintained with the program now usually downloaded elsewhere.

Editors' Recommendations

GPT-4: how to use, new features, availability, and more
A laptop opened to the ChatGPT website.

ChatGPT-4 has officially been announced, confirming the longtime rumors around its improvements to the already incredibly impressive language skills of OpenAI's ChatGPT.

OpenAI calls it the company's "most advanced system, producing safer and more useful responses." Here's everything we know about it so far.

Read more
How Microsoft 365 Copilot unleashes ChatGPT from its restraints
Copilot in Microsoft Word generating results.

Thanks to ChatGPT, natural language AI has taken the world by storm. But so far, it's felt boxed in. With these chatbots, everything happens in one window, with one search bar to type into.

We've always known these large language models could do far more, though, and it was only a matter of time until that potential was unlocked. Microsoft has just announced Copilot, its own integration of ChatGPT into all its Microsoft 365 apps, including Word, PowerPoint, Outlook, Teams, and more. And finally, we're seeing the way generative AI is going to be used more commonly in the future -- and it's not necessarily as a straightforward chatbot.
Bringing natural language into apps

Read more
Firefox just got a great new way to protect your privacy
Canva in Firefox on a MacBook.

If you’re fed up with signing up for new accounts online and then being perpetually spammed in the days and weeks after, Mozilla has an idea that could help. The company has just announced its Firefox Relay feature is being directly integrated into its Firefox web browser, and it could help guarantee your privacy without any extra hassle.

Firefox Relay works by letting you create email “masks” when you sign up for new accounts. Instead of entering your real credentials into the sign-up field, Firefox Relay provides you with a throwaway address and phone number to use. Any messages from the website -- such as purchase receipts -- are then forwarded to your real email address, with all the sender’s tracking information stripped out to protect your privacy.

Read more