(0 - user rating)

User Rating: 0 / 5

Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive
 

News

By Ian Paul

July 22, 2013 12:01 PM ET

PC World - Canonical, makers of the Ubuntu Linux distribution, recently announced that its Ubuntu help forums suffered a security breach over the weekend. Attackers were able to harvest an estimated 1.82 million user names, email addresses, and passwords from the site. Canonical says it isn't sure how hackers were able to breach its systems and the company has taken the forums at Ubuntuforums.org offline as a precaution.

Canonical is warning anyone with an Ubuntu Forums account about the hack via email. The company is also advising users to change their security credentials on other sites, especially email, if they used the same password and username/email for other online services.

Ubuntu.com services such as Ubuntu One are not believed to be affected by the hack since they do not share the same login account as the Ubuntu forums.

Malicious penguin

Fans of the Ubuntu forums began reporting that the site had been defaced on Saturday. The hacker or group of hackers who breached the site posted an image of a penguin (the Linux mascot is a penguin) holding an AK-47.

The message underneath the image suggested the hackers were more interested in exposing a poorly secured site than anything else. "None of this '[you got hacked] by albani4 c3bir 4rmy' stuff," the message on Ubuntu's forums site said. "Straight up, you dun goofed. It's as simple as that."

It's not clear if the hackers plan on exposing the database of user names and passwords online. Nevertheless, there is a definite possibility these account credentials could begin circulating around the less reputable areas of the Internet.

Canonical says forum user passwords were not stored in plain text and were hashed and salted. A hash uses a mathematical algorithm to convert plain text passwords into a series of numbers and letters. A specific hash will create the same string of letters and numbers each time for the same input (in this case a password). To make hashes more secure they are further obscured by "salting," a process that inserts random bits into the hash making it harder to guess the original password.

Canonical had not returned our request for comment at this writing, so it's not clear which hashing algorithm the company was using. However, a report from Ars Technica says Canonical was using the md5 hash. MD5 is a popular hashing algorithm that is often used by software companies as a security check to let users ensure downloaded executable files were not tampered with or corrupted. But md5 is not considered to be a secure choice for hashing passwords.

Batten down the hatches

Reports of password breaches are always a good time to reevaluate your own online security practices. Always make sure you are using unique passwords for every site you visit online. For tips on generating your own passwords check out PCWorld's "Learn to use strong passwords" or "Passwords: You're doing it wrong. Here's how to make them uncrackable."

 

Read more http://rss.computerworld.com/~r/computerworld/s/feed/topic/122/~3/bIgnuSl-SXw/Aftre_password_breach_Canonical_takes_Ubuntu_forums_offline

YOUR SUCCESS IS OUR SUCCESS

 

 

OUR BUSINESS MANAGEMENT

Maecenas et faucibus arcu. Quisque congue diam ac vulputate finibus. Fusce sed neque dictum, porta sapien quis, vehicula orci.

management1 f9b07

CHAIRMAN

Lorem ipsum dolor sit amet cursus consectetur adipiscing elit curabitur maximus augue consectetur.

management2 b741d

DIRECTOR

Lorem ipsum dolor sit amet cursus consectetur adipiscing elit curabitur maximus augue consectetur.

management3 b694d

PRESIDENT

Lorem ipsum dolor sit amet cursus consectetur adipiscing elit curabitur maximus augue consectetur.

management4 b4f56

MANAGER

Lorem ipsum dolor sit amet cursus consectetur adipiscing elit curabitur maximus augue consectetur.

management5 daffa

SUPERVISOR

Lorem ipsum dolor sit amet cursus consectetur adipiscing elit curabitur maximus augue consectetur.

management6 00f9d

ACCOUNTANT

Lorem ipsum dolor sit amet cursus consectetur adipiscing elit curabitur maximus augue consectetur.

management7 5e1be

LAWYER

Lorem ipsum dolor sit amet cursus consectetur adipiscing elit curabitur maximus augue consectetur.

management8 2fab9

TEAM LEADER

 

Lorem ipsum dolor sit amet cursus consectetur adipiscing elit curabitur maximus augue consectetur.

$489.00 each Cyford PBX Phone System
5 5 1 Product
Item not sold anymore
$489.00 each Cyford PBX Phone System
5 5 1 Product
Item not sold anymore
$489.00 each Cyford PBX Phone System
5 5 1 Product
Item not sold anymore
$489.00 each Cyford PBX Phone System
5 5 1 Product
Item not sold anymore