I foresee an NSA public relations drive, whereby sputnik gets doxed within 24h.
Then the Prez can appear on the White House lawn for another bombastic speech.
Ubuntuforums.org, the Linux distribution's online community, has shut down for maintenance after a security breach. It's not a pretty one: the site's operators say “Unfortunately the attackers have gotten every user's local username, password, and email address from the Ubuntu Forums database.” The good news is that “The …
Why not write about something you know about? Let me help you:-
Oh freddled gruntbuggly/thy micturations are to me
As plurdled gabbleblotchits on a lurgid bee.
Groop I implore thee, my foonting turlingdromes.
And hooptiously drangle me with crinkly bindlewurdles,
Or I will rend thee in the gobberwarts with my blurglecruncheon, see if I don't!
I note we're still awaiting enlightenment from your vast IT experience(s) on what the replacement ultra-secure OS should be.
Well, you've had enough time to at least get to Wikipedia...
My money's on someone touretting 'MacOS' or 'BSD'. In which you've failed cos I said them first even though I'd use neither. So there.
Pints for everyone bar you.
Those are all administration failings, not security flaws.
If you worked your way up from a callcentre into IT, and never studied computer science (at university or by yourself) then you might not see the difference, but it's there.
Also, SEL isn't a hack.
"Those are all administration failings, not security flaws."
According to the defacement statistics, most Linux based website attacks exploit OS security flaws.
"Also, SEL isn't a hack."
It's a bodge then. And it still doesn't fix the broken SUDO model - which Windows uses constrained delegation for.
If you can't differentiate between the OS and an application that runs on the OS (the forum software), then I suggest that you go and do some education.
Any application that runs its own authentication mechanism, regardless of the OS it runs on, has the same degree of vulnerability.
I have an account on that site, but it is using the lowest grade of password that I use, so any site that may share the same password is probably not going to have any serious consequences to me.
QFT!
Received an email this morning informing me about the hack. Similar to Peter, I use different passwords (and strengths) for different sites:
1. email: unique
2. financial institutions: mixture of shared and unique amongst different financial institutions, but strong password with different layers of login credentials
3. forums: couple of usernames and shared password (certain forums have a different shared password)
Needless to say that passwords used in one group are NOT used for another group i.e. I do NOT use a password that I use for financial institutions that I use for forums.
However, this is a good wake-up call to delete Internet presence i.e. account info for those sites that I rarely / no longer use.
Sorry DW, didn't mean to pull the rug out from under you, just had forgotten to mention AK's NSA angle!.. a bit rude I thought considering I'm replying to him!
Yes, really.
Are you seriously suggesting that murder is a better approach to monopolism than a spot of remote and trivial (as you seem to consider it) FUD slinging? Haven't you any knowledge of how MS has operated throughout its history? It has phorm for exactly this sort of crap you know. Convictions.
Or is your argument that a giant software company which has spent the last decade hurling billions of bucks into desperate bids to muscle in on the mobile sector, with no significant success, couldn't have any interest in the (F)OSS "cancer" (as its CEO calls it) entering the market?
They've even fucked their current Windows (the family jewels) cycle in their desperate drive to shoehorn their userbase onto their cloudtastic vision of the future. Gimped it into some sort of me-too app based chimera of what iOS/Android does. Cloud based subscription services. Apps. That's how the others... the successful growing players are doing it. Subscription services are the only way MS has a consumer future. Make Windows like them. Lock mobile devices onto "Win"RT, itself locked onto the MS app store. Eureka!
Microsoft's traditional desktop stronghold is shrinking. Mobile is eating it alive. MS appears to have bet the farm on imitating the mobile incumbents. So far this has failed but it still seems to be plan A, B and C. MS hasn't got there yet but they're certainly still trying! They've got a $billion writedown THIS QUARTER to show for it.
MUST. GET. THE. PLEBS. ONTO. AN. MS. APP. STORE. SUBSCRIPTION. MODEL.
So the prospect of an OPEN mobile OS without the appstore-lockin mechanism becoming established in the sector BEFORE Microsoft makes any inroads couldn't threaten MS's me-too survival plan? The "cancer" COULD well be about to "disrupt" the mobile market, making Microsoft's heir apparent obsolete before it even takes hold. Ubuntu and Mozilla have been attracting significant interest within the industry and among the public. They have OEM and carrier outreach projects which seem to be attracting more interest than MS's! No one at MS could have noticed this? No one at MS could feel their plans for the future might be threatened by this? No one at MS might want to nip the cancer in the bud, before it infects the mobile sector? Pull the other one. They'd be negligent if they didn't. So what can MS do about this very real THREAT? Buy them out? That's always worked throughout MS's history, from the origins of DOS to present... not so great with (F)OSS "cancer" though, is it: You buy to smother, they fork and invest your beeelions into their new project. Bugger. So where does that leave MS? Well, they've always had one other tactic: FUD. So this can't possibly be FUD. How "paranoid". The pixies must have done it just for the lulz. The timing is just a coincidence. No possibility of any other explanation. We can all sleep safely in Stepmond again tonight.
Anyway, enough rambling on about the bleeding obvious. How is the suggestion that MS might be up to something underhanded even contentious these days, after 30 years of it?
I'm not posting as AC by the way. Not that AC anyway.
Interesting timing. Just as Ubuntu Phone seems (seemed?) to be starting to pick up some momentum...
http://www.phoronix.com/scan.php?page=news_item&px=MTQxNTg
The Forum isn't the only thing to have been taken down. The "Ubuntu Edge" countdown timer (which was to end TOMORROW) has disappeared from the ubuntu.com homepage.
Coincidence? Course it is. There couldn't possibly be any possibility of any connection between "Sputn1k" and Redmond's (or Cupertino's) FUD dept... Could there?
Must. Destroy. Evil. Communist. GPL. Software. Cancer.
As for any possibility of any NSA interest... well, as we all know, the incumbents (Apple, Google & Microsoft) bend over backwards to give the NSA access to all our data. So clearly the NSA couldn't possibly have any interest at all in the possibility of some (F)OSS upstart upsetting the status quo.
/trolldessert
Who needs the NSA? There are a lot of volunteers on the site and many of them have more than sufficient abilities to track down a script kiddy.
An impromptu BBQ party on the miscreant's front lawn works wonders for making the point about anonymity on the Internet.
WRT other comments: just about all forum sites have holes and virtually all the holes are in the forum software itself (wikis are particularly bad). In most cases user details get lifted without even touching the security of the underlying webserver.
>>"Their lusers level of noobishness and RTFM-refusal is simply unbearable."
I reply to questions on the Ubuntu Forum and many people who post there are too lazy or stupid to search for answers. Also for many English is not their first language and they struggle to formulate their wishes.
But interestingly they all seem to be sick of Windows and are trying to use an OS that is free and does not get hacked every ten seconds. (presumably mostly by the NSA!)
I gave up using Windows when I spent more time keeping it going than using it
On the upside, there are many intelligent posters and I have learnt a lot from them.
Microsoft's main problem is that nobody trusts them any more.
>>"Thank you, Mr. Lacroix, for so eloquently exemplifying the self-righteousness and arrogance that has kept me away from Linux for nigh on a dozen years."
You profess to be in IT and make a statement that dumb? You are either a shill or an idiot.
Never try to learn French or German. Some of those nationals may be arrogant.
On occasion I have to use the Ubuntu forums, and I often find it a trying experience. One of the biggest issues is the amount of "difficult" questions asked and just ignored, one of the next biggest problems is the easy ones with patronising "you're too stupid to understand" answers. How do you expect people to learn, if you tell them things like "you're too stupid to get this"?
As for "Microsoft's main problem is that nobody trusts them any more." you did notice the bit in the article where they said that Ubuntu forums had 20k active users? That's a long way off everyone and it's another attitude that puts people off. The amount of comments which have a "windoze is shite" or the amount of commentators who feel the necessity to have "Windoze is shite" in their sig, is frankly counter productive to the community and the FOSS movement as a whole.
I bet Lacroix hangs out in #Perl on Efnet (that's on IRC to the rest of us), cynically telling people who've already searched everywhere else to 'go RTFM you moron and stop wasting our time'.
When after all, #perl is a last bloody resort anyway for Perl clues because of the social dysfunctionals that inhabit it exhibiting precisely that dickhead behaviour.
"I think you will find that Windows 8 already has a couple of orders of magnitude more users than Ubuntu...."
Only due to ignorance! :-P
(Actually, I have yet to find a client that thinks windows 8 is ok. They universally seem to hate it, not even Vista got it this bad! Maybe I need more clients! )
I'm offended that you would think I don't take the time to look after my clients. With windows 8 I have provided more initial support than ever before.
Unfortunately most of my clients are well, 'the unwashed masses', and Metro's schizophrenic nature plus M$ forcing their online services down people's throats (IMHO) are causing issues.
One well meaning old dear had ADSL issues, so the email system prompted her for a password. She just enters all her account details again, what she thinks is right. OMG the mess from that simple little misunderstanding!
I could list a long line of, only win8 bugs that I have encountered, but hey every windows version is the same, initially.
The thing that I was commenting on was the fact that, from my experience, when vista came in you had people complimenting it(+), people reserving their comments(=), and people being derogatory about it(-).
With windows 8 I've only had people reserving their comments(=) or being derogatory about it(-).
How about you taking the time and listening to what people say
Pretty certain last time I looked into server security they were pretty much as good / bad as each other. They both had severe vulnerabilities, and the number of hacked servers was pretty much a 50/50 split. Effectively as bad as each other. Most of the vulnerabilities are injected by either poor configuration or the applications on the web server.
Personally my home server is on Hiawatha. I'm not skilled enough to configure and keep updated a secure Apache distro, can't be bothered to shell out for another windows box, secure, easy to maintain, and it's not one of the 'big two' so a little harder to target.
"They both had severe vulnerabilities"
But they are an order of magnitude greater in number on the LAMP stack.
"and the number of hacked servers was pretty much a 50/50 split."
Nope - even adjusting for market share, you are several times more likely to get hacked on a Linux based internet facing server: http://www.zone-h.org/news/id/4737
Seems like once a month I read on this journal about some large organisation having its user db (passwords salted or not) being swiped. And I'll bet there are many more breaches besides that don't get reported.
I'm sure they all lost their data for a wide variety of 'good' reasons and I'm sure most of them went to great lengths to protect their data. But evidently, their measures are not working.
Sounds to me like the whole security thing needs to be re-invented from the ground up. A fool proof, fail safe architecture. Sounds grand, I know. But I bet there are big-bucks/much-kudos to be made by anyone who comes up with it.
Just reviewed my password for the Ubuntu forum and it was sufficiently bizarre, complex weird, unrelated to anything else I've ever used it was quite nice to see.
Having hundreds of passwords is a bit of drag until these sorts of things come up.
Wonder when the first large "Single sign-in" (google/openid/yahoo etc) compromise will hit.
I assume it already has, just not big enough to leave a media crater.
Frankly, given that my Yahoo password (which was not a dictionary word) was "guessed" by someone in India and I know several other people who had Yahoo accounts which apparently got compromised I suspect that Yahoo have had a security breach.... they either haven't noticed it or won't admit to it.
@AC 10:31 - >"Just reviewed my password for the Ubuntu forum and it was sufficiently bizarre, complex weird, unrelated to anything else I've ever used it was quite nice to see."
Me also - and I am very upset that the hackers have now stolen my treasured Ubuntu forums password - "12345678". I fear what those evil hackers will do with my 5 posts from 2008 on trying to get Adobe Acrobat Pro working under Wine.
Fortunately, I don't use the same password for my banking websites. I got smart with those and added the "special character" - "12345678!"