Ubuntu Web-facing Software Security Breach

For discussions about security.
Post Reply
Message
Author
User avatar
Sky Aisling
Posts: 1368
Joined: Sat 27 Jun 2009, 23:02
Location: Port Townsend, WA. USA

Ubuntu Web-facing Software Security Breach

#1 Post by Sky Aisling »

Not sure if this belongs in Puppy security forum.
The reason why I posted here is because of Canonical 's comments about stolen passwords.

http://ubuntuforums.org/announce.html
Ubuntu Forums is down for maintenance

There has been a security breach on the Ubuntu Forums. The Canonical IS team is working hard as we speak to restore normal operations. This page will be updated regularly with progress reports.
What we know

Unfortunately the attackers have gotten every user's local username, password, and email address from the Ubuntu Forums database.

The passwords are not stored in plain text, they are stored as salted hashes. However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP.
Ubuntu One, Launchpad and other Ubuntu/Canonical services are NOT affected by the breach.

Last edited by Sky Aisling on Mon 22 Jul 2013, 03:22, edited 1 time in total.

User avatar
James C
Posts: 6618
Joined: Thu 26 Mar 2009, 05:12
Location: Kentucky

#2 Post by James C »


User avatar
Sky Aisling
Posts: 1368
Joined: Sat 27 Jun 2009, 23:02
Location: Port Townsend, WA. USA

Ubuntu Security Breach

#3 Post by Sky Aisling »

Thank you, James C.
I did a search on this part of the forum, but, didn't pull up anything about this Ubuntu breach.

To whomever is moderating this portion of the forum, please feel free to delete this thread.

Sky

User avatar
James C
Posts: 6618
Joined: Thu 26 Mar 2009, 05:12
Location: Kentucky

#4 Post by James C »

Might as well leave it...... fairly important issue and it'll more likely be noticed with 2 threads.

User avatar
Sky Aisling
Posts: 1368
Joined: Sat 27 Jun 2009, 23:02
Location: Port Townsend, WA. USA

Ubuntu Security Breach

#5 Post by Sky Aisling »

OK,
However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP.
I have a naive question:
Does this mean, for example, if I use the same password for Ubuntu Forum as I use with an email account or a Puppy Forum account that a hacker could take over my identity in those venues?

I did just now changed my Puppy Forum password to be on the safe side.

Also, on a related subject...I've never felt passwords were all that secure anyway. Years ago, way back in the legacy computer days, we had simple code breakers that we used routinely to break internal company passwords. For example, when an IT employee quit and left in a huff and didn't leave his/her passwords, we just went in and busted the locks. No big deal.

Those were the prehistoric days when legacy computers roamed the earth.

User avatar
cowboy
Posts: 250
Joined: Thu 03 Feb 2011, 22:04
Location: North America; the Western Hemisphere; Yonder

ubuntu forums hacked

#6 Post by cowboy »

Sky Aisling,

I'd encourage you to modify the title of this thread in the interests of accuracy. It was the web-facing software that ran the Ubuntu Forums (vbulletin, I believe) that was hacked. The Ubuntu OS itself was not hacked; some readers might find the thread title a bit concerning. All the best.
[i]"you fix what you can fix and you let the rest go.."[/i] - Cormac McCarthy - No Country For Old Men.

Post Reply