Little Bobby Tables, yet again?
Posted on 07/15/2016 6:57:53 PM PDT by Utilizer
There is a common misconception that all things Linux are bulletproof. The fact is, no software is infallible. When news of a Linux vulnerability hits, some Windows and Mac fans like to taunt users of the open source kernel. Sure, it might be in good fun, but it can negatively impact the Linux community's reputation -- a blemish, if you will.
Today, Canonical announces that the Ubuntu forums have been hacked. Keep in mind, this does not mean that the operating system has experienced a vulnerability or weakness. The only thing affected are the online forums that people use to discuss the OS. Still, such a hack is embarrassing, as it was caused by Canonical's failure to install a patch.
"There has been a security breach on the Ubuntu Forums site. We take information security and user privacy very seriously, follow a strict set of security practices and this incident has triggered a thorough investigation. Corrective action has been taken, and full service of the Forums has been restored. In the interest of transparency, we’d like to share the details of the breach and what steps have been taken. We apologize for the breach and ensuing inconvenience", says Jane Silber, Chief Executive Officer, Canonical Ltd.
(Excerpt) Read more at betanews.com ...
Big difference between that and a 'doze user getting their personal machine hacked or getting a virus, adware, or other malware installed on their machine.
Or suddenly noticing that their computer is busily downloading or has already installed the "upgrade" known as Win10, like it or not!
BIG difference!
And if the forum was using Linux as it’s platform?
Then it was hacked!
someone realized the password was “Password”
Possibly Ubuntu was hacked if it was running the server hosting the forum. More likely, the forum software was breached.
Then the forum website was hacked, not Linux itself.
My guess is someone with admin privileges used an insecure or easily-guessed password and someone managed to determine it and gain access to the site. So yes, the forum security was breached for a time until they could reset the passwords.
Or one can read the article...
“Deeper investigation revealed that there was a known SQL injection vulnerability in the Forumrunner add-on...”
Brian’s middle name is Pasta E.
Or one can read the article...
“Deeper investigation revealed that there was a known SQL injection vulnerability in the Forumrunner add-on...”
Or one can read the article...
“Deeper investigation revealed that there was a known SQL injection vulnerability in the Forumrunner add-on...”
Really? It’s a Friday -do you really have to spoil My fun?
And I was so enjoying leading them on! :)
I heard that everyone downloading Linux was getting a copy of windows 10 Instead.
I mean, you didn’t even give Me enough time to post the “It was Aliens” graphic!
Spoilsport. |b
*laugh!* Right, then, -that one made Me literally laugh out loud!
*grin* Great sense of humor, mate. :)
Sorry, the news the last 48 hours has been too much here.
I apologize for my snarkiness.
A good weekend.
There you go. Half the internet...hell way more than half...runs LAMP stacks with few problems. But they add something to PHP to make it easier to service mobile apps and bam. http://www.forumrunner.net/
I'd be real surprised if this were a Linux kernel hack. Application software, database software, forum software,... sure.
In fact I'll bet a $20 donation to FR that it turns out to have nothing to do with the operating system itself.
To be fair, on Windows or OS X it's almost never the kernel either. It's always some app, system service, browser, the Java stack, etc.
No way are the thousands of possible Linux open source packages built into the root filesystem image of the hundreds of Linux distro options any more secure than Windows or OS X applications. They're just less inviting targets due to lower consistent usage counts.
A full "OS" distribution per today's definitions is much more than just the kernel image, whether Windows, OS X or one of the many Linux variants.
I see modern software systems as being loosely partitioned into four layers:
You must be thinking of the "complete desktop package" distros. Sure, Linux has a place on the desktop -- of about 1% of desktop users. The reality is that Linux is a server OS. And as such, those thousands of packages are in fact NOT "built into the root filesystem" of the servers.
Not arguing, just making a distinction:
Linux has those applications available for its die-hard desktop users (I count myself among those, incidentally), but the vast majority of Linux "users" are the System Admins who run the servers.
So while I don't disagree with your assertion that today's full "OS" distributions have a lot of user-application stuff in them, in the case of Linux, most of that stuff is not in fact installed in the vast majority of installations.
Little Bobby Tables, yet again?
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.