Ubuntu Forums Hacked

ubuntu

12 replies to this topic

#1 CriticalError

CriticalError

    CC Addict

  • Advanced Member
  • 185 posts

Posted 23 July 2013 - 03:55 PM

Got an email today saying Ubuntu Forums has been compromised, so all usernames, emails and passwords have been taken. This has really made me angry because that password is used on a few other sites; hackers really annoy me, man. This password was used on Amazon; now I have changed it. The username is different though. But usually I stick to one password across all forums. This has happened only a week after Bohemia have been hacked.


  • 0

#2 Roger

Roger

    Skadoosh!

  • Administrator
  • 1222 posts
  • Programming Language:C, PHP
  • Learning:Others

Posted 23 July 2013 - 04:23 PM

Just saw that. They've been down since Saturday? That's quite some time for them to restore the site.


  • 0



#3 Jamesx

Jamesx

    CC Addict

  • Advanced Member
  • 122 posts
  • Location:United Kingdom
  • Learning:C#, Others

Posted 23 July 2013 - 06:00 PM

Yeah, I saw that today also. They develop a decent operating system, and they can't even prevent their site from being defaced with a stupid image. It's kind of stupid in my opinion. Lucky I use different passwords for everything.


  • 1

#4 JasonKnight

JasonKnight

    CC Addict

  • Senior Member
  • 312 posts
  • Location:Keene, NH
  • Programming Language:C, C++, JavaScript, Delphi/Object Pascal, Pascal, Assembly, Others

Posted 23 July 2013 - 06:15 PM

I just saw this article:
http://threatpost.co...password-breach

... and this part caught my eye:

“Yes, they were encrypted. Encrypted with the default vBulletin hashing algorithm (md5(md5($pass).$salt). Whilst it may not be the strongest, when you’re dealing with 1.8m users it would take a very long time to get anywhere with the hashes,” the tweet said. “You don’t have to worry about a DB leak. That isn’t how I like to do things.”


Good going dumbass -- since md5 has been rainbowed to DEATH and hasn't been 'secure' for over a decade, I don't care how you pass/salt it, that's wide open.

Of course, they're using the same off the shelf garbage forums that's in use here -- vBull. emphasis on the Bull... No offense, but I trust it about as far as I can throw the USS IOWA; on the same logic I don't trust a lot of forum and blogging software. If the front end code is such inept bloated BS, do I even want to know what it looks like under the hood?

In any case, MD5... 2013... RIGHT... Thanks for telling us (and the crackers) EXACTLY how it's encoded. (Not that they couldn't get that elsewhere, it's still stupid to advertise)

Though this is why I like Opera's wand (and am pissed it's nowhere to be found in that steaming pile of crippleware known as Opera 15) since I use all sorts of different passwords on every site, but can have them unified behind one password in the browser. A good password manager is important in this day and age.

Edited by JasonKnight, 23 July 2013 - 06:17 PM.

  • 2
The only thing about Dreamweaver that can be considered professional grade tools are the people promoting its use.
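An added example, not part of the original thread and not vBulletin's own code: the md5(md5($pass).$salt) construction quoted in post #4, next to one way to retire it without forcing a password reset, by wrapping each stored legacy hash in PBKDF2-HMAC-SHA256. The row layout, the sample salts and password, the work factor and all function names are assumptions made for this example.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 600_000  # assumption: work factor chosen for this example

def legacy_hash(password: str, salt: str) -> str:
    """md5(md5($pass).$salt): the inner digest is hex text, then the salt is appended."""
    inner = hashlib.md5(password.encode()).hexdigest()
    return hashlib.md5((inner + salt).encode()).hexdigest()

def wrap(legacy_hex: str, kdf_salt: bytes) -> bytes:
    """Stretch an existing legacy hash with a deliberately slow KDF."""
    return hashlib.pbkdf2_hmac("sha256", legacy_hex.encode(), kdf_salt, PBKDF2_ROUNDS)

def upgrade_row(row: dict) -> dict:
    """Upgrade a stored row in bulk: only the old hash is needed, not the password."""
    kdf_salt = os.urandom(16)
    return {"scheme": "pbkdf2(legacy)", "salt": row["salt"],
            "kdf_salt": kdf_salt, "hash": wrap(row["hash"], kdf_salt)}

def verify(password: str, row: dict) -> bool:
    """Check a login attempt against either a legacy row or an upgraded row."""
    candidate = legacy_hash(password, row["salt"])
    if row["scheme"] == "legacy":
        return hmac.compare_digest(candidate, row["hash"])
    return hmac.compare_digest(wrap(candidate, row["kdf_salt"]), row["hash"])

def demo() -> dict:
    # Constructed sample data: two users with the same password, different salts.
    alice = {"scheme": "legacy", "salt": "a1B", "hash": legacy_hash("hunter2", "a1B")}
    bob = {"scheme": "legacy", "salt": "z9Y", "hash": legacy_hash("hunter2", "z9Y")}
    upgraded = upgrade_row(alice)
    return {
        # Per-user salts give equal passwords different stored values.
        "same_password_differs": alice["hash"] != bob["hash"],
        "legacy_login_ok": verify("hunter2", alice),
        "upgraded_login_ok": verify("hunter2", upgraded),
        "upgraded_rejects_wrong": not verify("hunter3", upgraded),
        # The bare MD5 value is no longer what sits in the table.
        "md5_no_longer_stored": upgraded["hash"] != alice["hash"].encode(),
    }

if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

Once every row is wrapped, each user's next successful login is the point at which the plaintext can be rehashed directly with the slow KDF and the MD5 layer dropped.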

#5 Roger

Roger

    Skadoosh!

  • Administrator
  • 1222 posts
  • Programming Language:C, PHP
  • Learning:Others

Posted 23 July 2013 - 06:52 PM

they're using the same off the shelf garbage forums that's in use here -- vBull.


Just as a clarification, we don't use vBulletin here. :)
  • 0



#6 Jamesx

Jamesx

    CC Addict

  • Advanced Member
  • 122 posts
  • Location:United Kingdom
  • Learning:C#, Others

Posted 23 July 2013 - 06:56 PM

Just as a clarification, we don't use vBulletin here. :)

 

Haha, it's an IPB board, right?

 

Well they are kinda stupid for using MD5 ._. and who says they won't go through all the users e.e. they don't know that :S.


  • 0

#7 JasonKnight

JasonKnight

    CC Addict

  • Senior Member
  • 312 posts
  • Location:Keene, NH
  • Programming Language:C, C++, JavaScript, Delphi/Object Pascal, Pascal, Assembly, Others

Posted 23 July 2013 - 06:56 PM

My bad, this is invasion PB. Just got this though: http://www.simplemac...?topic=508232.0 There's a rash of them too. Cute part is, the attack seems to be coming NOT from the forum softwares, but through the portals attached to them and/or compromising other sites on shared hosting. ... and people wonder why I don't like modding forum software into portals, and prefer to keep site and forums as separate entities. Generally speaking, I distrust forum/blogging software mods in the first place! It's like people have 'already' forgotten nevernosanity/santy.A, aka the worm that KILLED phpBB's userbase.
  • 0
The only thing about Dreamweaver that can be considered professional grade tools are the people promoting its use.

#8 JasonKnight

JasonKnight

    CC Addict

  • Senior Member
  • 312 posts
  • Location:Keene, NH
  • Programming Language:C, C++, JavaScript, Delphi/Object Pascal, Pascal, Assembly, Others

Posted 23 July 2013 - 07:19 PM

You know... I'm wondering if this is related to the Apple Developer channel being cracked too. As I said we're seeing a bunch of places compromised back-to-back-to-back.

Well they are kinda stupid for using MD5 ._. and who says they won't go through all the users e.e. they don't know that :S.

Even more fun, if they had a user account on it before stealing the users DB, they'd be able to reverse engineer the salt pretty quick.

Unless of course the salt is stored in the DB next to the users, which always struck me as a herpaderp pointless approach to salting that's self-defeating.
  • 0
The only thing about Dreamweaver that can be considered professional grade tools are the people promoting its use.

#9 Jamesx

Jamesx

    CC Addict

  • Advanced Member
  • 122 posts
  • Location:United Kingdom
  • Learning:C#, Others

Posted 23 July 2013 - 07:19 PM

Yeah, I saw that too. Could be MS next :P


  • 0

#10 Carfax

Carfax

    CC Regular

  • Member
  • 43 posts
  • Programming Language:PHP, Python, JavaScript, Perl, Bash, Others

Posted 24 July 2013 - 12:29 AM

Nobody's safe no more.... Even twitter was hacked, how you gon blame a voluntary community based forum for not being secure enough?


  • 0

#11 Aion

Aion

    CC Resident

  • Advanced Member
  • 97 posts
  • Location:United Kingdom

Posted 24 July 2013 - 01:00 AM

md5(md5($pass).$salt

 

Star_Trek_Facepalm_by_Pulvinar.jpg


Edited by GreenshootProgrammer, 24 July 2013 - 01:02 AM.

  • 0

#12 CriticalError

CriticalError

    CC Addict

  • Advanced Member
  • 185 posts

Posted 24 July 2013 - 02:30 AM

Nobody's safe no more.... Even twitter was hacked, how you gon blame a voluntary community based forum for not being secure enough?

 

Well at least they can do a bit more than use an encryption which is broken!


  • 0




