
Ubuntu Web-facing Software Security Breach

Posted: Mon 22 Jul 2013, 01:19
by Sky Aisling
Not sure if this belongs in Puppy security forum.
The reason why I posted here is because of Canonical's comments about stolen passwords.

http://ubuntuforums.org/announce.html
Ubuntu Forums is down for maintenance

There has been a security breach on the Ubuntu Forums. The Canonical IS team is working hard as we speak to restore normal operations. This page will be updated regularly with progress reports.

What we know

Unfortunately the attackers have gotten every user's local username, password, and email address from the Ubuntu Forums database.

The passwords are not stored in plain text, they are stored as salted hashes. However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP.
Ubuntu One, Launchpad and other Ubuntu/Canonical services are NOT affected by the breach.


Posted: Mon 22 Jul 2013, 01:46
by James C

Ubuntu Security Breach

Posted: Mon 22 Jul 2013, 01:49
by Sky Aisling
Thank you, James C.
I did a search on this part of the forum but didn't pull up anything about this Ubuntu breach.

To whomever is moderating this portion of the forum, please feel free to delete this thread.

Sky

Posted: Mon 22 Jul 2013, 01:56
by James C
Might as well leave it...... fairly important issue and it'll more likely be noticed with 2 threads.

Ubuntu Security Breach

Posted: Mon 22 Jul 2013, 02:06
by Sky Aisling
OK,
However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP.
I have a naive question:
Does this mean, for example, if I use the same password for Ubuntu Forum as I use with an email account or a Puppy Forum account that a hacker could take over my identity in those venues?

I did just now change my Puppy Forum password to be on the safe side.

Also, on a related subject...I've never felt passwords were all that secure anyway. Years ago, way back in the legacy computer days, we had simple code breakers that we used routinely to break internal company passwords. For example, when an IT employee quit and left in a huff and didn't leave his/her passwords, we just went in and busted the locks. No big deal.

Those were the prehistoric days when legacy computers roamed the earth.

ubuntu forums hacked

Posted: Mon 22 Jul 2013, 03:18
by cowboy
Sky Aisling,

I'd encourage you to modify the title of this thread in the interests of accuracy. It was the web-facing software that ran the Ubuntu Forums (vBulletin, I believe) that was hacked. The Ubuntu OS itself was not hacked; some readers might find the thread title a bit concerning. All the best.