Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Does Ubuntu Forum is still safe?

  1. #1
    Join Date
    Aug 2006
    Location
    Somewhere in the hell
    Beans
    294
    Distro
    Ubuntu 12.04 Precise Pangolin

    Angry Does Ubuntu Forum is still safe?

    Hi all,

    Do you remember that Ubuntu forum has been hacked in July this year? The admin(s) have said that they figured out the vulnerabilities and they have informed vBulletin.com about the finding. The vBulletin.com will fix the vulnerabilities. Do you remember?

    However, admin(s) of Ubuntu forum are making a joke to us. Why?

    The report at the INQUIRER :
    http://www.theinquirer.net/inquirer/...ro-day-attacks

    The facebook of the Inj3ct0r Team :
    https://www.facebook.com/inj3ct0rs/p...11793255548704

    I am doubt that the Ubuntu Forum is still safe even the SSO Login is implemented.

    Samiux
    Last edited by samiux; November 18th, 2013 at 09:22 PM. Reason: fix typo

  2. #2
    Join Date
    May 2007
    Location
    The New Forest
    Beans
    Hidden!
    Distro
    Xubuntu Development Release

    Re: Does Ubuntu Forum is still safe?

    So Vbulletin's forum and another one have been hacked.

    Nothing to do with us. We don't have anything to do with either of those sites - neither do Canonical.

    If the information Canonical discovered was passed onto them - how is that anything to do with us?

    However, admin(s) of Ubuntu forum are making a joke to us. Why?
    Really?

    How so?

    If you have doubts about the safety of the site then the best thing to do would be post in the Resolution Centre where we can disable your account.

    In the meantime this reads just like a troll post.
    Forum Social IRC Channel
    Xubuntu IRC Support
    Xubuntu Support

    Please do not PM me about Registration issues without having been asked to. I will tell you to post here

  3. #3
    Join Date
    Aug 2006
    Location
    Somewhere in the hell
    Beans
    294
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Does Ubuntu Forum still safe?

    Quote Originally Posted by Elfy View Post
    So Vbulletin's forum and another one have been hacked.

    Nothing to do with us. We don't have anything to do with either of those sites - neither do Canonical.

    If the information Canonical discovered was passed onto them - how is that anything to do with us?



    Really?

    How so?

    If you have doubts about the safety of the site then the best thing to do would be post in the Resolution Centre where we can disable your account.

    In the meantime this reads just like a troll post.
    My doubt is your findings are right? Assume that your findings are right and vBulletin.com is informed, vBulletin.com should fix the vulnerabilities that you found.

    However, their site is also hacked. Therefore, I think that your findings are not the right one.

    May be my English is not good, so you misunderstood my meaning.

    Samiux

  4. #4
    Join Date
    Jun 2006
    Location
    UK
    Beans
    Hidden!
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Does Ubuntu Forum is still safe?

    Canonical sysadmins established a constructive and mutually useful dialogue with Vbulletin support staff as described here:

    http://ubuntuforums.org/showthread.php?t=2164064

    If you are suggesting that the behaviour of either Canonical or Vbulletin staff was less than professional, that is not an allegation that will win you any credibility.

    Much has been done by both Canonical sysadmins and forum staff since the security breach, with the interests of the forum membership and the integrity of the forum as priorities, and much of it not publicised for obvious reasons. What happens on other forums is nothing to do with this forum or Canonical, but if lessons can be learnt from happenings on other vbulletin forums, we would wish to know about them.
    Last edited by coffeecat; November 19th, 2013 at 12:13 AM.

    Please do not PM me about your forum account unless you have been asked to. The correct place to contact an admin about your account is here.

  5. #5
    Join Date
    Feb 2008
    Beans
    Hidden!

    Re: Does Ubuntu Forum is still safe?

    and facebook is what. credible?


  6. #6
    Join Date
    Jan 2011
    Beans
    101
    Distro
    Ubuntu

    Re: Does Ubuntu Forum is still safe?

    Quote Originally Posted by samiux View Post
    Hi all,

    Do you remember that Ubuntu forum has been hacked in July this year? The admin(s) have said that they figured out the vulnerabilities and they have informed vBulletin.com about the finding. The vBulletin.com will fix the vulnerabilities. Do you remember?

    However, admin(s) of Ubuntu forum are making a joke to us. Why?

    The report at the INQUIRER :
    http://www.theinquirer.net/inquirer/...ro-day-attacks

    The facebook of the Inj3ct0r Team :
    https://www.facebook.com/inj3ct0rs/p...11793255548704

    I am doubt that the Ubuntu Forum is still safe even the SSO Login is implemented.

    Samiux
    Samiux hi,

    Have you find any vulnerabilitty in Ubuntu Forums? are the Inj3ct0r Team a trusted hacker team?

    I normally read your "blog" soo if they are trusted, I think we all have a problem...

    Regards
    Miguel

  7. #7
    Join Date
    Apr 2013
    Beans
    114
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Does Ubuntu Forum is still safe?

    I was wondering if there's any chance to use a secure protocol (https) for the entire session on ubuntuforums.org, not only for the login step?

    I am not discussing the security of the ubuntuforums, but I personally have a preference for everything that is encrypted and I've got 14 hops until I reach the server. So, I was just wondering...

  8. #8
    Join Date
    Sep 2006
    Location
    France.
    Beans
    Hidden!
    Distro
    Lubuntu Development Release

    Re: Does Ubuntu Forum is still safe?

    Moved to Forums Feedback & Help.
    | My old and mostly abandoned blog |
    Linux user #413984 ; Ubuntu user #178
    J'aime les fraises.
    Nighty night me lovelies!

    | Reinstalling Ubuntu ? Please check this bug first ! |
    | Using a ppa ? Please install ppa-purge from universe, you may need it should you want to revert packages back |
    | No support requests by PM, thanks |

  9. #9
    Join Date
    Aug 2006
    Location
    Somewhere in the hell
    Beans
    294
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Does Ubuntu Forum is still safe?

    Quote Originally Posted by miguelpires View Post
    Samiux hi,

    Have you find any vulnerabilitty in Ubuntu Forums? are the Inj3ct0r Team a trusted hacker team?

    I normally read your "blog" soo if they are trusted, I think we all have a problem...

    Regards
    Miguel
    Hi Miguel,

    I will not test the Ubuntu Forums as I am not authorized to do so. I hope officials of Ubuntu Forums can assign Penetration Tester(s) to test the Ubuntu Forums in order to find out any potential vulnerabilities.

    The Inj3ct0r Team stated that they responsible to the attacks. They are criminals. One of my friends' web site has been kidnapped by the team last month.

    I am worrying that let's assume Ubuntu Forums admins find the vulnerabilities after the attack and they informed the vBulletin.com. The vBulletin.com fixed accordingly. The patch has been released but Macrumors.com did not fix the flaw(s) in time. So, the Macrumors.com is attacked in the same manner of Ubuntu Forums in July as it stated in facebook of Inj3ct0r Team. It is understandable.

    However, the Inj3ct0r Team stated that vBulletin.com is attacked via an undocumented vulnerability. Therefore, I suspect that Ubuntu Forums may have the same vulnerability of vBulletin.com too.

    The website(s) can be defensed if all the vulnerabilities have been discovered before the bad guy(s). Please refer to OWASP Top 10 2013 for details -- https://www.owasp.org/index.php/Cate...op_Ten_Project and their testing guide -- https://www.owasp.org/index.php/OWASP_Testing_Project

    Samiux

  10. #10
    Join Date
    Aug 2006
    Location
    Somewhere in the hell
    Beans
    294
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Does Ubuntu Forum is still safe?

    Quote Originally Posted by clearski View Post
    I was wondering if there's any chance to use a secure protocol (https) for the entire session on ubuntuforums.org, not only for the login step?

    I am not discussing the security of the ubuntuforums, but I personally have a preference for everything that is encrypted and I've got 14 hops until I reach the server. So, I was just wondering...
    Hi clearski,

    Even encrypted traffic (https) is in action, the bad guy(s) can hijack your cookie or session too unless your web application or web server is applied "HTTPONLY" secure flag.

    Samiux

Page 1 of 2 12 LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •