Jump to content

Two Million Passwords Breached in Ubuntu [forum] Hack


RV_

Recommended Posts

If you frequent the Ubuntu forums and use the same password on other websites you might want to take immediate action.

 

Excerpt:

 

"Linux users who frequent the Ubuntu forums may want to change their passwords following news that an attacker was able to breach the service and its two million users.

 

Jane Silber, Chief Executive Officer at Canonical,the company that maintains the service, acknowledged on Friday that a known SQL injection vulnerability in Forumrunner, an add-on in the Ubuntu forums that hadn’t been patched, led to the attack.

While Silber claims that no active passwords were accessed in the breach, changing a password after incidents like this is generally viewed as a de rigueur practice.

 

Once in, the attacker had the ability to inject formatted SQL to the Forums database and read from any table in the database. Silber claims it appears the attacker only focused on one table in particular however: the ‘user’ table, which contains the usernames, passwords, and IP addresses of two million users. The attacker downloaded portions of the table, Silber claimed, but cautioned that in addition to being old, the passwords were also hashed and salted ‘random strings,’ something that could make decoding them more difficult.

 

Silber claims Ubuntu is certain the attacker wasn’t able to access any code belonging to the operating system, its update mechanism, or access any valid user passwords.

 

Silber is less certain – but believes the attacker was not able to escalate past remote SQL read access, gain remote SQL write access, gain shell access to the Forums database, gain shell access to the Forums servers, or gain access to any other Canonical or Ubuntu services.

 

Canonical began looking into the incident last Thursday, when a member of the Ubuntu Forums Council informed the company’s information security team that someone claimed they had a copy of the Forums database. The team took the site down for a period of time after the company was able to confirm there was a leak."

 

There is more in the full article here: https://threatpost.com/two-million-passwords-breached-in-ubuntu-hack/119335/

 

Be advised that the article is a bit misleading. Here is the UBUNTU statement that prompted it:

 

"What the attacker could not access

 

We know the attacker was NOT able to gain access to any Ubuntu code repository or update mechanism.

 

We know the attacker was NOT able to gain access to valid user passwords.

 

We believe the attacker was NOT able to escalate past remote SQL read access to the Forums database on the Forums database servers.

 

We believe the attacker was NOT able to gain remote SQL write access to the Forums database.

 

We believe the attacker was NOT able to gain shell access on any of the Forums app or database servers.

 

We believe the attacker did NOT gain any access at all to the Forums front end servers.

 

We believe the attacker was NOT able to gain any access to any other Canonical or Ubuntu services."

 

There are only two items they are 100% sure of that use the term know, as opposed to believe in the others. That post is here on Canonical's website: https://insights.ubuntu.com/2016/07/15/notice-of-security-breach-on-ubuntu-forums/

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

RVers Online University

campgroundviews.com

Our program provides accurate individual wheel weights for your RV, toad, and tow vehicle, and will help you trim the pounds if you need to.

RV Cable Grip

RV Cable Grip

All the water you need...No matter where you go

Country Thunder Iowa

Nomad Internet

Rv Share

Dish For My RV.

RV Air.

Find out more or sign up for Escapees RV'ers Bootcamp.

Advertise your product or service here.

The Rvers- Now Streaming

RVTravel.com Logo



×
×
  • Create New...