Page 1 of 4 123 ... LastLast
Results 1 to 10 of 37

Thread: In light of the attack

  1. #1
    Join Date
    Mar 2011
    Beans
    680

    In light of the attack

    A lot of people often think "Well I don't visit sketchy sites, I don't download illegal things", and the like. I think the attack on this site should prove that all of you were exposed to attacker controlled content for *days*.

    For multiple days when you visited this site an attacker could have put an exploit page. They know it's Ubuntu, they know you're all running it. The attack could have been easily targeted to users here.

    I think it would be wise to consider this when you build your security setups - if you used NoScript, did you have this site whitelisted? How would you have been protected if the attacker had actually wanted to exploit you?

    Something to think about.
    sig

  2. #2
    Join Date
    Jan 2011
    Location
    Lima, Perú
    Beans
    14

    Re: In light of the attack

    If you read Canonical's announcement you'll see the attack wasn't done at Ubuntu, but instead at vBulletin, the software the forums use.

  3. #3
    Join Date
    Mar 2011
    Beans
    680

    Re: In light of the attack

    I didn't say that it was an attack on Ubuntu. I said that users on this forum were exposed to attacker controlled content for days. Given taht this is an Ubuntu support forum, the attacker obviously knows what operating system the majority of users were running.
    sig

  4. #4
    Join Date
    Jul 2008
    Location
    The Left Coast of the USA
    Beans
    Hidden!
    Distro
    Kubuntu

    Re: In light of the attack

    The first is incorrect, since the site was taken off line by Canonical. The second isn't such a hard guess, so I suppose the attacker did.

    And?
    Please read The Forum Rules and The Forum Posting Guidelines
    My Blog
    A thing discovered and kept to oneself must be discovered time and again by others. A thing discovered and shared with others need be discovered only the once.
    This universe is crazy. I'm going back to my own.

  5. #5
    Join Date
    Jul 2008
    Beans
    2,825

    Re: In light of the attack

    Change your password and carry on...

  6. #6
    Join Date
    Dec 2010
    Beans
    112

    Re: In light of the attack

    I noticed that I had to go thru several attempts today to get logged in.
    I had to replace existing signon. Makes me wonder if there is still security risk?

  7. #7
    Join Date
    Jul 2008
    Beans
    2,825

    Re: In light of the attack

    Quote Originally Posted by eightbits2010 View Post
    I noticed that I had to go thru several attempts today to get logged in.
    I had to replace existing signon. Makes me wonder if there is still security risk?
    Security risk? Working with no problems here. I would worry more about other sites you have accounts on than this site.

  8. #8
    Join Date
    Mar 2011
    Beans
    680

    Re: In light of the attack

    The first is incorrect, since the site was taken off line by Canonical. The second isn't such a hard guess, so I suppose the attacker did.

    And?
    Not sure what you're referring to. What are you saying is correct/ incorrect?
    sig

  9. #9
    Join Date
    Mar 2011
    Location
    19th Hole
    Beans
    Hidden!
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: In light of the attack

    Quote Originally Posted by eightbits2010 View Post
    I noticed that I had to go thru several attempts today to get logged in.
    I had to replace existing signon. Makes me wonder if there is still security risk?
    Read bodhi.zazen's excellent stickies on first page of this sub-forum. There is always risk. Stepping out of your house involves risk. Staying in your house involves risk. That's life. People who want an absolutely risk-free life are either naive or delusional. It is advisable to minimize risk to something tolerable, but risk cannot be completely eliminated. The new login procedure can also be compromised. I would suggest that one should conduct oneself as if, one day, it will be. Distinct passwords for all sites. Keep registered sites to the absolute minimum. Never post anything that you wouldn't want the whole world to see exposed as your true self and stripped of pseudonym. Etc.

    We all come to decisions about whether rewards are worth the risk. I believe that the rewards from this forum trump the risk I take in visiting it. But that's my decision. Others will come to differing decisions. Both decisions are valid and based on the risk tolerance of the individual.

  10. #10
    Join Date
    Mar 2011
    Beans
    680

    Re: In light of the attack

    The point I'm making is that the risk is there. People like to think that they'll never run into a hacked site, but we did. I think it was about 6 days where the attacker was in the system, before he put up the page that alerted the admins to it. In those 6 days he could have just as easily put up an exploit page, and a significant number of users would have hit it.
    sig

Page 1 of 4 123 ... LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •