Ubuntu Forums - FYI

Ryan Gauger rtgkid at outlook.com
Tue Jul 23 15:48:00 UTC 2013


Could we please end this thread???

--------------------------------------------------
Until the whole world hears,
Ryan Gauger
Nashville Notes Homeschool Band Public Relations
www.NashvilleNotes.org

Date: Tue, 23 Jul 2013 11:38:28 -0400
Subject: Re: Ubuntu Forums - FYI
From: saqman2060 at gmail.com
To: ubuntu-users at lists.ubuntu.com

Lol
On Jul 23, 2013 11:13 AM, "Basil Chupin" <blchupin at iinet.net.au> wrote:

On 22/07/13 19:47, Patrick Asselman wrote:


On 2013-07-21 19:13, Istimsak Abdulbasir wrote:


On Jul 21, 2013 10:28 AM, "Basil Chupin" <blchupin at iinet.net.au> wrote:


On 21/07/13 23:32, compdoc wrote:




Doesn't really answer the question: what system is this vBulletin being run on? Windows?



I doubt a community that loves Linux would run their systems on Windows.




What I am surprised about is that I would have expected an avalanche of posts stating that vBulletin is being run on a server using Linux but so far no one has come up with such an assurance which indicates to me that Windows is involved.




What is that (?) annual competition for hackers where the first prize offered is the latest model of a well known brand of laptop and where, at all such competitions, the first system to be hacked is Windows (the last time it took someone less than 2 minutes to hack it) followed by Apple, which took just a bit longer, and Linux has yet to be hacked?




BC




Nothing is unhackable. It does not matter what system you use, Linux, Windows or MacOS. All it takes is time and determination. Linux is by far the best system to use for security implementation. It has many options. The well known one is requiring root privilege for system configuration. That is if the user knows what they are doing.



In the case of the Ubuntu forums, vBulletin was the victim and it was said that this software was outdated. Why Canonical did not recognize this is a big question. Even on a secure system, if the user or admin doesn't take all the necessary steps to ensure strong security, then anything can be hacked. This is not a reason. Remember, the system offers the option of security. It is the user that needs to know how to use it.






I agree with the statement that nothing is unhackable. But I doubt Linux is the best system to use for secure implementations. It all depends on what you are trying to achieve with the system. There are far more secure systems than Linux, but most of them don't run a web server on the internet ;-)




The cause is indeed said to be due to vBulletin forum software that had not received the latest security patches. ref: http://www.omgubuntu.co.uk/2013/07/ubuntu-forum-hacked-users-advised-to-change-passwords This does not necessarily mean that the Ubuntu team was lax; security patches are released all the time. It may just mean this hacker exploited faster than they patched.




The hacker goes by the nickname of "Sputn1k_". His(?) Twitter account was taken offline, but he has twittered "You can stop worrying about your passwords. Yes, they were encrypted. Encrypted with the default vBulletin hashing algorithm (md5(md5($pass).$salt). Whilst it may not be the strongest, when you're dealing with 1.8m users it would take a very long time to get anywhere with the hashes. You don't have to worry about a DB leak. That isn't how I like to do things." Of course if you are clever you don't trust what this person says and take your own precautions regardless ;) Google cache may still work as reference: http://webcache.googleusercontent.com/search?q=cache:Tv6iViVq598J:https://twitter.com/Sputn1k_+&cd=1&hl=en&ct=clnk&gl=us&client=firefox-a




Why do hackers do this? I can think of a few reasons. If you are lucky they do it to show that a site needs better security, and that is all. More realistically they do it to harvest active email addresses that they can sell to spammers. Sometimes hackers want to get attention and put up some political statement on a much-visited site. Some hackers may want to get into a system and place a backdoor entrance so they can come back later and maybe modify some source code (but those are not likely to deface a page like this). Worst case, they will analyse the obtained data in detail, try to decode passwords, and try and make the most of it.




@BC: you really need to read up on system security, considering the naive statements you are making!




Don't be a smartarse.



BC



-- 

Using openSUSE 12.3, KDE 4.11.0 & kernel 3.10.1-3 on a system with-

AMD FX 8-core 3.6/4.2GHz processor

16GB PC14900/1866MHz Quad Channel Corsair "Vengeance" RAM

Gigabyte AMD3+ m/board; Gigabyte nVidia GTX550Ti 1GB DDR5 GPU







-- 

ubuntu-users mailing list

ubuntu-users at lists.ubuntu.com

Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20130723/d77c566c/attachment.html>
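
The tweet quoted in the thread above names the stored format as md5(md5($pass).$salt). As an added example (not part of the original messages and not vBulletin's own code), this sketch shows how a site holding such hashes can wrap them in a slow KDF without knowing any passwords and still verify logins; the function names, record layout, iteration count and sample values are assumptions.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumption: tune to your own hardware budget


def legacy_vb_hash(password: str, salt: str) -> str:
    """md5(md5($pass).$salt) as quoted in the thread (hex inner digest + salt)."""
    inner = hashlib.md5(password.encode("utf-8")).hexdigest()
    return hashlib.md5((inner + salt).encode("utf-8")).hexdigest()


def wrap_legacy_hash(legacy_hex: str, iterations: int = PBKDF2_ITERATIONS) -> dict:
    """Upgrade a stored legacy hash in place; the plaintext is not required."""
    kdf_salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", legacy_hex.encode("ascii"),
                             kdf_salt, iterations)
    return {"scheme": "pbkdf2-sha256(vb-md5)", "iterations": iterations,
            "kdf_salt": kdf_salt.hex(), "hash": dk.hex()}


def verify(password: str, vb_salt: str, record: dict) -> bool:
    """Recompute the legacy hash from the login attempt, then the outer KDF."""
    legacy_hex = legacy_vb_hash(password, vb_salt)
    dk = hashlib.pbkdf2_hmac("sha256", legacy_hex.encode("ascii"),
                             bytes.fromhex(record["kdf_salt"]),
                             record["iterations"])
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(dk.hex(), record["hash"])


def demo() -> tuple:
    vb_salt = "a1B"                                      # constructed sample salt
    stored = legacy_vb_hash("correct horse", vb_salt)    # what the old DB held
    record = wrap_legacy_hash(stored, iterations=10_000) # low count for the demo
    return verify("correct horse", vb_salt, record), verify("wrong", vb_salt, record)


if __name__ == "__main__":
    print(demo())
```

After wrapping, the bare MD5 column can be dropped, so a later database leak exposes only the PBKDF2 output.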

