Ubuntuforums hacked - How to avoid that here

Have something to say about forums.debian.net itself?

Ubuntuforums hacked - How to avoid that here

Postby ravisista » 2013-07-22 17:15

http://ubuntuforums.org/announce.html

Ubuntu Forums is down for maintenance

There has been a security breach on the Ubuntu Forums. The Canonical IS team is working hard as we speak to restore normal operations. This page will be updated with progress reports.
What we know

Unfortunately the attackers have gotten every user's local username, password, and email address from the Ubuntu Forums database.
The passwords are not stored in plain text, they are stored as salted hashes. However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP.
Ubuntu One, Launchpad and other Ubuntu/Canonical services are NOT affected by the breach.


How can we make sure it wouldn't happen here? Thanks.
ravisista
 
Posts: 51
Joined: 2009-02-24 14:03

Re: Ubuntuforums hacked - How to avoid that here

Postby edbarx » 2013-07-22 17:21

Once a computer is connected to the internet, the risk is there. Security can be improved, but it cannot be made absolute.
Debian == { > 30, 000 packages }; Debian != systemd
The worst infection of all, is a false sense of security!
It is hard to get away from CLI tools.
User avatar
edbarx
 
Posts: 5389
Joined: 2007-07-18 06:19
Location: 35° 50 N, 14 º 35 E

Re: Ubuntuforums hacked - How to avoid that here

Postby dasein » 2013-07-22 17:24

ravisista wrote:How can we make sure it wouldn't happen here? Thanks.

At the risk of stating the obvious, "we" can't. There is nothing that users of any online system can do to prevent the system itself from being compromised. That's the system administrator's job.
User avatar
dasein
 
Posts: 7775
Joined: 2011-03-04 01:06
Location: Terra Incantationum

Re: Ubuntuforums hacked - How to avoid that here

Postby 3ur0(|yd0n » 2013-07-22 18:04

"We" can be used figuratively.

E.g., if one person asks another, "How are we doing today?", it is generally understood that the person is asking for a response from the other person about the other person, rather than asking how the both of them are doing together.

Apparently, the Ubuntu forum used "an outdated version of vbulletin which left their admin panel unsecured".

It may be that the OP is merely asking whether or not such vulnerabilities have been taken into consideration by the admin of this forum, as opposed to suggesting that we can collectively stop such hacking attempt.
Debian (Jessie) XFCE § Stupid Old Computer § 3GB RAM § Inept Graphics Card - But I Can Play UT GOTY
User avatar
3ur0(|yd0n
 
Posts: 12
Joined: 2013-06-25 16:44

Re: Ubuntuforums hacked - How to avoid that here

Postby ravisista » 2013-07-22 18:12

3ur0(|yd0n wrote:"We" can be used figuratively.

E.g., if one person asks another, "How are we doing today?", it is generally understood that the person is asking for a response from the other person about the other person, rather than asking how the both of them are doing together.

Apparently, the Ubuntu forum used "an outdated version of vbulletin which left their admin panel unsecured".

It may be that the OP is merely asking whether or not such vulnerabilities have been taken into consideration by the admin of this forum, as opposed to suggesting that we can collectively stop such hacking attempt.


Exactly. My original question was aimed towards the System admins of this forum.
ravisista
 
Posts: 51
Joined: 2009-02-24 14:03

Re: Ubuntuforums hacked - How to avoid that here

Postby dasein » 2013-07-22 18:44

ravisista wrote:Exactly. My original question was aimed towards the System admins of this forum.

Then the question goes from being misdirected to being both misdirected and moot, since the "sysadmin" hasn't logged in for ~2 months.
User avatar
dasein
 
Posts: 7775
Joined: 2011-03-04 01:06
Location: Terra Incantationum

Re: Ubuntuforums hacked - How to avoid that here

Postby cynwulf » 2013-07-22 20:33

ravisista wrote:How can we make sure it wouldn't happen here? Thanks.

By not using overpriced proprietary bulletin board software (while pretending to be an organisation which cares about free software...)
cynwulf
 
Posts: 2396
Joined: 2008-09-25 08:49

Re: Ubuntuforums hacked - How to avoid that here

Postby ComputerBob » 2013-07-22 21:09

cynwulf wrote:
ravisista wrote:How can we make sure it wouldn't happen here? Thanks.

By not using overpriced proprietary bulletin board software (while pretending to be an organisation which cares about free software...)

While also understanding that the free, open source forum software that this forum uses (phpBB) has also had its share of catastrophic security vulnerabilities in the past, and should always be updated to its newest, most-secure version.
ComputerBob - Making Geek-Speak Chic (TM)
ComputerBob.com
My New Ministry
User avatar
ComputerBob
 
Posts: 1189
Joined: 2007-11-30 04:49
Location: The Beautiful Sunshine State

Re: Ubuntuforums hacked - How to avoid that here

Postby bw123 » 2013-07-22 21:38

A security breach and "hacked" could mean two different things... kind of interesting I guess but if I click it will probably show me a bunch of lame ads.

"Attacked" or "hacked" sounds a lot better than, "we gave everybody admin access and they just took it.
Last edited by bw123 on 2013-07-22 21:57, edited 1 time in total.
User avatar
bw123
 
Posts: 2479
Joined: 2011-05-09 06:02
Location: TN_USA

Re: Ubuntuforums hacked - How to avoid that here

Postby Soapm » 2013-07-22 21:53

bw123 wrote:A security breach and "hacked" could mean two different things... kind of interesting I guess but if I click it will probably show me a bunch of lame ads.


i guess they still have to pay the bills...
User avatar
Soapm
 
Posts: 494
Joined: 2012-05-22 04:23

Re: Ubuntuforums hacked - How to avoid that here

Postby G-Known » 2013-07-25 03:50

After all, we're all volunteers who spare some time managing this website and maintaining security threshold. However hackers are people who spend their time trying to perform intrusive methods on compromising websites; compare this feat on hacking Microsoft which is elevated to more layers of firewalls and elaborate system on preventing intruders.

It's what they say: popularity means attention to the public whether malicious or not.
Debian Jessie
Asus Zenbook UX305FA-ASM1
Intel Core M 5Y10; Intel HD Graphics 5300
User avatar
G-Known
 
Posts: 178
Joined: 2012-10-26 04:59
Location: Brooklyn, New York


Return to Forum stuff & feedback

Who is online

Users browsing this forum: No registered users and 1 guest

fashionable