ubuntu forum **Important **
Tom Davies
tomdavies04 at yahoo.co.uk
Thu Jul 25 13:15:11 UTC 2013
Hi :)
Something i do find interesting about this is in comparing it against what happens in normal companies.
For example when Sony or whoever found all their clients (mostly kiddies dads/mums) bank account details had been captured and that Sony's policy had been to keep that sort of thing in unencrypted text-files. At first a seemingly unending strem of denials that a security breach had occurred at all. Then denials about data having been copied and promises that it was all ok and safe. Then some attempt at claiming that no-one could read text-files. Plus attempts to say that their leaky sieve had been fixed even while more YouTube videos were appearing to say how to break in again. Lol, ok so perhaps quite an exaggeration!! lol
However compare that against UbuntuForums that doesn't even have bank addresses or even home addresses. No denials, no fuss, no steadily growing escalation, just drop the site instantly and send out warnings (that seem to be turning out to be overly paranoid rather than being understatements)
Meanwhile users are going out spreading the word onto other mailing list and taking it wider and wider even though they know that it will be used in FUD campaigns for years and years into the future and that used to try to undermine everything Ubuntu do.
That is part of the reason i prefer OpenSource ways. The number 1 concern is for security and part of that is honesty, integrity and good communication. The corporate way is to cower and hide or 'spin' the truth to avoid scaring potential investors and share-holders. it's partly the share-holders fault for being so skittish. It sometimes seems they want to devalue their own stock by panicking and asking people how fast they should drop their shares. On all the other mailing lists i am on i haven't heard a single person suggest leaving Ubuntu over this. In fact some that might have naturally drifted away to other distros have appeared to suddenly become determined to stick with it.
Going off on a tangent i occasionally do some work for a local charity that was given a 'present' of 5 desktops. So i have been installing Ubuntu onto all of them but going for the 13.04 instead of the 12.04 that i meant to do. Actually i am quite glad because there are some new things in the installer, such as LVM as a default option. From completely wiped hard-drives to usable systems took about under 2 hours. These are slow old machines, 7200 rpm drives. Now i have to install Win7 which will doubtless take a LOT longer. :)
Regards from
Tom :)
>________________________________
> From: Conno B. <conno.boel at solcon.nl>
>To: Tom Davies <tomdavies04 at yahoo.co.uk>; Ubuntu Team <ubuntu-doc at lists.ubuntu.com>
>Sent: Wednesday, 24 July 2013, 13:06
>Subject: Re: ubuntu forum **Important **
>
>
>
>Hi Tom (and list)
>
>Thanks for the quick answer!
>
>Yeah, I'll wait with asking the really hard questions
until they're finished with repairing too, I guess.
>maybe /if any of them reads this/ would it be an idea to
have the forums run in a kind of "safe mode" first, when they're
up?
>
>Hm, I don't have any active accounts, besides my
Ubuntu-one. I think maintaining a lot of accounts is a hassle
>.<
>From what I know, neither of these two are at direct risk,
am I right?
>
>yeah, my senior always told me:
>"in case of trouble, get a pot 'o' coffee, sit down, and
wait until there's no-one pressuring you"
>So, no, I wasn't actually planning on storming the actual
maintainers with questions now >.<
>
>And I know that there's more sources out there (Thank
open-source :D)
>But I actually also found a halfway-around, you can use
google cache to (up to a certain level) gain acess to posts,
>so for now, that way is good enough for me :D
>
>greetings,
>Cornelis
>
>//Extra info - spoiler alert//
>The reason I'll persist in asking said questions, is that
I have a low-latency freelance job as writer for a dutch PC-mag.
>so, since my redaction said they'd be interested if I
could fish out details, I'd thought to go ahead and ask stuff
>.<
>
>
>From: Tom Davies
>Sent: Wednesday, July 24, 2013 12:48 PM
>To: Conno B. ; Team, Ubuntu
>Subject: Re: ubuntu forum **Important **
>
>
>Hi
:)
>At a guess i would say they are going to stay down for around a
week. When i said about changing all my passwords i said that i would
change them now and then again in about 2 weeks just to make sure my new
passwords hadn't been harvested by some lingering intrusion. it looks like
the site maintainers had roughly the same thought and are keeping it down to
ensure that when they do come back up they don't have to suddenly go down again
due to some secondary or lingering problem.
>
>Someone contacted me
off-list to ask how to change their password for this list too and i really
hadn't thought about it. I have changed it now but my first thought was to
change all the Launchpad and other Ubuntu logins.
>
>Personally i
would avoid hassling the site maintainers about the issue as they obviously have
a lot of work to do and doubtless feel really awful about it. If you ask
them they are likely to feel even more pressured than they already do.
>
>There is a ton of "Community Documentation", there are the Launchpad
"Answers" and
>http://www.linuxquestions.org
>and a ton of other stuff out
there. Take this as an opportunity to explore and find the types of things
that noobs might find. I found Kioskea giving some really really bad and
even dangerous advice but they fairly quickly booted me out because they didn't
like my answers. Clearly they don't have many (if any) people that have
used any Gnu&Linux but still feel able to give advice about it.
>
>Regards from
>Tom :)
>
>
>
>
>
>
>
>>________________________________
>> From: Conno B. <conno.boel at solcon.nl>
>>To: "Team, Ubuntu" <ubuntu-doc at lists.ubuntu.com>
>>Sent: Wednesday, 24 July 2013, 9:46
>>Subject: Re: ubuntu forum **Important **
>>
>>
>>
>>Hi all,
>>
>>This is quite the predicament. I didn't have a Ubuntu forums account, but them being down still cuts my information sources for both ubuntu and Debian in half.
>>Now, seeing how my interests are, I would like to ask: Does anyone know more?
>>Like, How, Why and What exactly happened?
>>Who found out? Who did it?
>>I know not all questions can be answered, but I would really like to know all this~
>>
>>Or does anyone know where I can find people who I can ask this?
>>
>>Greetings,
>>Cornelis
>>
>>
>>From: Phill Whiteside
>>Sent: Sunday, July 21, 2013 3:34 AM
>>To: Team, Ubuntu
>>Subject: ubuntu forum **Important **
>>
>>Hi,
>>
>>
>>well what can I say?
>>
>>
>>Sorry if you get this more than once... but as the key phrase is:
>>
>>
>> * Unfortunately the attackers have gotten every user's local username, password, and email address from the Ubuntu Forums database.
>>I have sent it to all the mailing lists I know of, please do pass it on to others.
>>
>>
>>Regards,
>>
>>
>>Phill.
>>Ubuntu Forums is down for maintenance
>>There has been a security breach on the Ubuntu Forums. The Canonical IS team is working hard as we speak to restore normal operations. This page will be updated regularly with progress reports.
>>What we know
>> * Ubuntu Forums is down for maintenance
>>There has been a security breach on the Ubuntu Forums. The Canonical IS team is working hard as we speak to restore normal operations. This page will be updated regularly with progress reports.
>>What we know
>> * Unfortunately the attackers have gotten every user's local username, password, and email address from the Ubuntu Forums database.
>> * The passwords are not stored in plain text. However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP.
>> * Ubuntu One, Launchpad and other Ubuntu/Canonical services are NOT affected by the breach.
>>Progress report
>> * 2013-07-20 2011UTC: Reports of defacement
>> * 2013-07-20 2015UTC: Site taken down, this splash page put in place while investigation continues.If you're using Ubuntu and need technical support please see the following page for support:
>> * Finding Help .
>>If you're looking for a place to discuss Ubuntu, in the meantime we encourage you to check out these sites:
>> * The Ubuntu subreddit
>> * The Ubuntu Community on Google+
>> * Ubuntu Discourse The passwords are not stored in plain text. However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP.
>> * Ubuntu One, Launchpad and other Ubuntu/Canonical services are NOT affected by the breach.
>>Progress report
>> * 2013-07-20 2011UTC: Reports of defacement
>> * 2013-07-20 2015UTC: Site taken down, this splash page put in place while investigation continues.If you're using Ubuntu and need technical support please see the following page for support:
>> * Finding Help .
>>If you're looking for a place to discuss Ubuntu, in the meantime we encourage you to check out these sites:
>> * The Ubuntu subreddit
>> * The Ubuntu Community on Google+
>> * Ubuntu Discourse
>>
>>--
>>https://wiki.ubuntu.com/phillw
>>________________________________
>> --
>>ubuntu-doc mailing
list
>>ubuntu-doc at lists.ubuntu.com
>>https://lists.ubuntu.com/mailman/listinfo/ubuntu-doc
>>
>>--
>>ubuntu-doc mailing list
>>ubuntu-doc at lists.ubuntu.com
>>https://lists.ubuntu.com/mailman/listinfo/ubuntu-doc
>>
>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-doc/attachments/20130725/bb995df8/attachment-0001.html>
More information about the ubuntu-doc
mailing list