Ubuntu Forums - FYI

Istimsak Abdulbasir saqman2060 at gmail.com
Tue Jul 23 15:38:28 UTC 2013 

Lol
On Jul 23, 2013 11:13 AM, "Basil Chupin" <blchupin at iinet.net.au> wrote:

> On 22/07/13 19:47, Patrick Asselman wrote:
>
>> On 2013-07-21 19:13, Istimsak Abdulbasir wrote:
>>
>>> On Jul 21, 2013 10:28 AM, "Basil Chupin" <blchupin at iinet.net.au> wrote:
>>>
>>>> On 21/07/13 23:32, compdoc wrote:
>>>>
>>>>  Doesn't really answer the question: what system is this vBulletin being
>>>>>>
>>>>> run on? Windows?
>>>>>
>>>>> I doubt a community that loves linux would run their systems on
>>>>> windows.
>>>>>
>>>>
>>>> What I am surprised about is that I would have expected an avalanche of
>>>> posts stating that vBulletin is being run on a server using Linux but so
>>>> far no one has come up with such an assurance which indicates to me that
>>>> Windows is involved.
>>>>
>>>> What is that (?)annual competition for hackers where the first prize
>>>> offered is the latest model of a well known brand of laptop and where, at
>>>> all such competitions, the first system to be hacked is Windows (the last
>>>> time it took someone less than 2 minutes to hack it) followed by Apple,
>>>> which took a just a bit longer, and Linux has yet to be hacked?
>>>>
>>>> BC
>>>>
>>>
>>> Nothing is unhackable. It does not matter what system you use, linux,
>>> windows or MacOS. All it takes is time and determination. Linux is by
>>> far the best system to use for security implementation. It has many
>>> options. The well known one is requiring root privilege for system
>>> configuration. That is if the user knows what they are doing.
>>>
>>> In the case of the ubuntu forums, vbulletin was the victim and it was
>>> said that this software was outdated. Why canonical did not recognize
>>> this is a big question. Even on a secure system, if the user or admin
>>> don't take all the necessary steps to insure strong security, then
>>> anything can be hacked. This is not a reason. Remember, the system
>>> offers option of security. It is the user that needs to know how to
>>> use it.
>>>
>>>
>> I agree with the statement that nothing is unhackable. But I doubt Linux
>> is the best system to use for secure implementations. It all depends on
>> what you are trying to achieve with the system. There are far more secure
>> systems than Linux, but most of them don't run a web server on the internet
>> ;-)
>>
>> The cause is indeed said to be due to vBulletin forum software that had
>> not received the latest security patches. ref:
>> http://www.omgubuntu.co.uk/**2013/07/ubuntu-forum-hacked-**
>> users-advised-to-change-**passwords<http://www.omgubuntu.co.uk/2013/07/ubuntu-forum-hacked-users-advised-to-change-passwords> This does not necessarily mean that the Ubuntu team was lax, security
>> patches are released all the time. It may just mean this hacker exploited
>> faster than they patched.
>>
>> The hacker goes by the nickname of "Sputn1k_". His(?) Twitter account was
>> taken offline, but he has twittered "You can stop worrying about your
>> passwords. Yes, they were encrypted. Encrypted with the default vBulletin
>> hashing algorithm (md5(md5($pass).$salt). Whilst it may not be the
>> strongest, when you're dealing with 1.8m users it would take a very long
>> time to get anywhere with the hashes. You don't have to worry about a DB
>> leak. That isn't how I like to do things." Of course if you are clever you
>> dont trust what this person says and take your own precautions regardless
>> ;)   Google cache may still work as reference: http://webcache.**
>> googleusercontent.com/search?**q=cache:Tv6iViVq598J:https://**
>> twitter.com/Sputn1k_+&cd=1&hl=**en&ct=clnk&gl=us&client=**firefox-a<http://webcache.googleusercontent.com/search?q=cache:Tv6iViVq598J:https://twitter.com/Sputn1k_+&cd=1&hl=en&ct=clnk&gl=us&client=firefox-a>
>>
>> Why hackers do this? I can think of a few reasons. If you are lucky they
>> do it to show that a site needs better security, and that is all. More
>> realistically they do it to harvest active email addresses that they can
>> sell to spammers. Sometimes hackers want to get attention and put up some
>> political statement on a much-visited site. Some hackers may want to get
>> into a system and place a backdoor entrance so they can come back later and
>> maybe modify some source code (but those are not likely to deface a page
>> like this). Worst case, they will analyse the obtained data in detail, try
>> to decode passwords, and try and make the most of it.
>>
>> @BC: you really need to read up on system security, considering the naive
>> statements you are making!
>>
>
> Don't be a smartarse.
>
> BC
>
> --
> Using openSUSE 12.3, KDE 4.11.0 & kernel 3.10.1-3 on a system with-
> AMD FX 8-core 3.6/4.2GHz processor
> 16GB PC14900/1866MHz Quad Channel Corsair "Vengeance" RAM
> Gigabyte AMD3+ m/board; Gigabyte nVidia GTX550Ti 1GB DDR5 GPU
>
>
>
> --
> ubuntu-users mailing list
> ubuntu-users at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/**
> mailman/listinfo/ubuntu-users<https://lists.ubuntu.com/mailman/listinfo/ubuntu-users>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20130723/95991ef1/attachment.html>

More information about the ubuntu-users mailing list