ubuntu forum **Important **

Tom Davies tomdavies04 at yahoo.co.uk
Sun Jul 21 09:44:33 UTC 2013 

Hi :)
I think it's crucial for everyone to change their passwords on all closely related sites when this sort of thing happens.  

This sort of thing used to be just a bit of playing around done by script kiddies and for kudos or a personal sense of accomplishment but nowadays this sort of attack is done on a commercial scale.  Organised criminals will gain access to one system in order to lookup and gain access to others and keep moving swiftly until they can reach something worth having.  

On Gnu&Linux systems it is difficult/almosty-impossible for an attacker to escalate the privileges of whichever login they do manage to compromise.  So, although many individuals in a gateway distro (such as Ubuntu) may have chosen their passwords unwisely it's unlikely the attackers will be able to compromise further services.  On the other hand if they have done it once they may have a method that works on other systems maintained by the same company/people.  

I couldn't find an easy way to change my other passwords but after a bit of digging got to this page
https://login.ubuntu.com/
Does that seem like the right place?  I have seen that page before and it looks legit but last time i was there i didn't take in many details so i have no way to be 100% certain it's not compromised.  

Typically with this sort of thing i change relevant passwords on-the-spot and then come back a week or 2 later and change them again, just to be certain that my 1st change didn't get hijacked.  
Regards from 
Tom :)  





>________________________________
> From: Phill Whiteside <PhillW at Ubuntu.com>
>To: "Team, Ubuntu" <ubuntu-doc at lists.ubuntu.com> 
>Sent: Sunday, 21 July 2013, 2:34
>Subject: ubuntu forum **Important **
> 
>
>
>Hi,
>
>
>well what can I say? 
>
>
>Sorry if you get this more than once... but as the key phrase is:
>
>
>	* Unfortunately the attackers have gotten every user's local username, password, and email address from the Ubuntu Forums database.
>I have sent it to all the mailing lists I know of, please do pass it on to others.
>
>
>Regards,
>
>
>Phill.
>Ubuntu Forums is down for maintenance
>There has been a security breach on the Ubuntu Forums. The Canonical IS team is working hard as we speak to restore normal operations. This page will be updated regularly with progress reports.
>What we know
>	* Ubuntu Forums is down for maintenance
>There has been a security breach on the Ubuntu Forums. The Canonical IS team is working hard as we speak to restore normal operations. This page will be updated regularly with progress reports.
>What we know
>	* Unfortunately the attackers have gotten every user's local username, password, and email address from the Ubuntu Forums database.
>	* The passwords are not stored in plain text. However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP.
>	* Ubuntu One, Launchpad and other Ubuntu/Canonical services are NOT affected by the breach.
>Progress report
>	* 2013-07-20 2011UTC: Reports of defacement
>	* 2013-07-20 2015UTC: Site taken down, this splash page put in place while investigation continues.If you're using Ubuntu and need technical support please see the following page for support:
>	* Finding Help.
>If you're looking for a place to discuss Ubuntu, in the meantime we encourage you to check out these sites:
>	* The Ubuntu subreddit
>	* The Ubuntu Community on Google+
>	* Ubuntu Discourse
> The passwords are not stored in plain text. However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP.
>	* Ubuntu One, Launchpad and other Ubuntu/Canonical services are NOT affected by the breach.
>Progress report
>	* 2013-07-20 2011UTC: Reports of defacement
>	* 2013-07-20 2015UTC: Site taken down, this splash page put in place while investigation continues.If you're using Ubuntu and need technical support please see the following page for support:
>	* Finding Help.
>If you're looking for a place to discuss Ubuntu, in the meantime we encourage you to check out these sites:
>	* The Ubuntu subreddit
>	* The Ubuntu Community on Google+
>	* Ubuntu Discourse
> 
>
>-- 
>https://wiki.ubuntu.com/phillw 
>-- 
>ubuntu-doc mailing list
>ubuntu-doc at lists.ubuntu.com
>https://lists.ubuntu.com/mailman/listinfo/ubuntu-doc
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-doc/attachments/20130721/2d29f878/attachment-0001.html>

More information about the ubuntu-doc mailing list