Ubuntu forum users take note.

[hazelnut]

Forum has been hacked and all users login and email details accessed

 

http://ubuntuforums.org/announce.html?t=1582084&page=2&p=9891841

[rridgely]

Ugh, I had an account there. I don't go there much, they should probably at least send out an email to all their members.

I'm actually surprised this happened, I guess the hackers don't care who they hack anymore. I figured a linux site would be safe from them.

[Alan_B]

I figured a linux site would be safe from them.

Could they have been using a Windows Server to run the site

[rridgely]

Not what I meant. Usually the sites that get hacked don't revolve around open source/linux stuff. They hack people like sony, microcosft, or sometimes even governments. What do you gain by hacking a linux form? There is no credit cards, at best you get a few email addresses where the person used the same password they used on the forum. Doesn't seem worth the effort.

[Nergal]

Not what I meant. Usually the sites that get hacked don't revolve around open source/linux stuff. They hack people like sony, microcosft, or sometimes even governments. What do you gain by hacking a linux form? There is no credit cards, at best you get a few email addresses where the person used the same password they used on the forum. Doesn't seem worth the effort.

sadly, this argument expired around the time hackers ceased being 'do it for fun' and began to see profit in internet burglaries. The size of the userbase at Ubuntu is so large that you'll have a huge wordlist for bashing other passwords. Also since most humans use the same password (or permutation of) for all/most sites, it becomes a powerful stepping stone for the buyer/downloader of the password file.

Finally just having the email addresses (not even the passwords) allows for linux based social engineering attacks to get access to 'higher level' targets (facebook, shopping, banking sites).

Edited July 22, 2013 by Nergal
added more

[login123]

Forum has been hacked and all users login and email details accessed . . .

 

I got an email from Ubuntu recommending changing passwords.

 

In the process of changing them, I found that I could not log in to a few sites.

On a couple of those sites I asked for a new password to be sent, it has not arrived after 2 or 3 hours.

Unusual to take so long.

 

One or two of the sites don't recognize the username I had.

[rridgely]

Well I've finally decided to join lastpass:

https://lastpass.com/

 

I'm tired of having to make up passwords and at least the ones this thing makes are more secure and I wont have to remember them. I went ahead and paid the $12 for the mobile phone app as I log into a lot of stuff on my phone.

[Nergal]

lastpass is all right though there are cheaper routes

I use keepass and there are a bunch of phone ports (though untested by me as I lack compatibility)

http://keepass.info/download.html

[rridgely]

I've seen keepass before but I honestly forgot about it. Lastpass is free unless you use the mobile version which is pretty essential to me. $1 a month doesn't seem so bad.

[mta]

The functionality of Lastpass just seems unnatural.

All your passwords stored offsite - freaky. (yep, they're encrypted - tightly - but still...)

Brave new world I guess.

 

And what is the legality for example, of giving your Web Banking passwords to a third party when we are told not to ???

 

Take the scenario; money disappears from web accessible account, Mr Bank Manager asks "Who else knows your passwords?", do you put your hand on your heart and say "No-one" ?

[hazelnut]

Latest......

 

http://nakedsecurity.sophos.com/2013/07/23/ubuntu-users-relax-the-gun-toting-penguin-says-she-means-no-harm/

[mta]

Oorrrr, how cute, a hacker with a moral compass.

(I still say knee-cap the b*******s !)

[Nergal]

that article was awesome hazelnut