Ubuntu Linux forums hacked!

BetaNews ^ | Published 10 hours ago (that's what it says!) | Brian Fagioli

[Utilizer]

Linux was not hacked. The forum was -in order to steal usernames and passwords.

Big difference between that and a 'doze user getting their personal machine hacked or getting a virus, adware, or other malware installed on their machine.

Or suddenly noticing that their computer is busily downloading or has already installed the "upgrade" known as Win10, like it or not!

BIG difference!

[unixfox]

And if the forum was using Linux as it’s platform?

Then it was hacked!

[butlerweave]

someone realized the password was “Password”

[ThunderSleeps]

Possibly Ubuntu was hacked if it was running the server hosting the forum. More likely, the forum software was breached.

[Utilizer]

Then the forum website was hacked, not Linux itself.

[Utilizer]

My guess is someone with admin privileges used an insecure or easily-guessed password and someone managed to determine it and gain access to the site. So yes, the forum security was breached for a time until they could reset the passwords.

[Mr. M.J.B.]

Or one can read the article...

“Deeper investigation revealed that there was a known SQL injection vulnerability in the Forumrunner add-on...”

[Stentor]

Brian’s middle name is Pasta E.

[Mr. M.J.B.]

Or one can read the article...

“Deeper investigation revealed that there was a known SQL injection vulnerability in the Forumrunner add-on...”

[Mr. M.J.B.]

Or one can read the article...

“Deeper investigation revealed that there was a known SQL injection vulnerability in the Forumrunner add-on...”

[Utilizer]

Really? It’s a Friday -do you really have to spoil My fun?

And I was so enjoying leading them on! :)

[Revel]

I heard that everyone downloading Linux was getting a copy of windows 10 Instead.

[Utilizer]

I mean, you didn’t even give Me enough time to post the “It was Aliens” graphic!

Spoilsport. |b

[Utilizer]

*laugh!* Right, then, -that one made Me literally laugh out loud!

*grin* Great sense of humor, mate. :)

[Mr. M.J.B.]

Sorry, the news the last 48 hours has been too much here.

I apologize for my snarkiness.

A good weekend.

[bigbob]

There you go. Half the internet...hell way more than half...runs LAMP stacks with few problems. But they add something to PHP to make it easier to service mobile apps and bam. http://www.forumrunner.net/

[dayglored]

The problem is almost certainly either the web forum software (probably written in PHP or similar) or a forum user with privilege and a weak password.

I'd be real surprised if this were a Linux kernel hack. Application software, database software, forum software,... sure.

In fact I'll bet a $20 donation to FR that it turns out to have nothing to do with the operating system itself.

[MCH]

I'd be real surprised if this were a Linux kernel hack. Application software, database software, forum software,... sure.

To be fair, on Windows or OS X it's almost never the kernel either. It's always some app, system service, browser, the Java stack, etc.

No way are the thousands of possible Linux open source packages built into the root filesystem image of the hundreds of Linux distro options any more secure than Windows or OS X applications. They're just less inviting targets due to lower consistent usage counts.

A full "OS" distribution per today's definitions is much more than just the kernel image, whether Windows, OS X or one of the many Linux variants.

[dayglored]

Well, okay... sort of.

I see modern software systems as being loosely partitioned into four layers:

• The kernel. We know what that is. In the case of Linux, it's the part that Linus maintains.
• The essential system services, system utilities, administrative tools. Things like disk partition editors, the "fsck" and "mount" commands, etc. In Linux, these are mostly Gnu software.
• The application services, like back-end databases(MySQL/MS-SQL/DB-2), webservers (Apache/IIS), app-layer networking. In Linux, these are generally third-party software.
• The user applications, like office suites, graphics editors, Adobe tools, and a zillion small apps. Generally third-party.

> ...thousands of possible Linux open source packages built into the root filesystem image of the hundreds of Linux distro options...

You must be thinking of the "complete desktop package" distros. Sure, Linux has a place on the desktop -- of about 1% of desktop users. The reality is that Linux is a server OS. And as such, those thousands of packages are in fact NOT "built into the root filesystem" of the servers.

Not arguing, just making a distinction:

• Windows was a single-user personal computer system, that in recent years has successfully established itself as a serious server OS, and they are finally making it possible to manage a Windows server without a freaking GUI -- what a concept.
• Whereas Linux was a server system (modeled on UNIX, which almost no one mistakes for a personal computer OS), that in recent years has successfully established itself as a serious (if overwhelmingly ignored) personal computer OS.

Windows could not exist as a viable personal computer system without the millions of user applications that make it a useful personal computer for the vast majority of its users.

Linux has those applications available for its die-hard desktop users (I count myself among those, incidentally), but the vast majority of Linux "users" are the System Admins who run the servers.

So while I don't disagree with your assertion that today's full "OS" distributions have a lot of user-application stuff in them, in the case of Linux, most of that stuff is not in fact installed in the vast majority of installations.

[cynwoody]

“Deeper investigation revealed that there was a known SQL injection vulnerability in the Forumrunner add-on...”

Little Bobby Tables, yet again?