Ubuntu puts forums back online, reveals autopsy of a brag hacker

M33

Ubuntu Forums are back to normal following a serious hack attack that exposed the usernames, email addresses and hashed passwords of 1.8 million open source users.

Parent firm Canonical restored the forums on Tuesday as well as publishing a detailed summary of what went wrong and the broad steps it has taken to beef up security.

Canonical blames the breach on a "combination of a compromised individual account and the configuration settings in vBulletin, the Forums application software".

Only the forums were affected: neither the popular Ubuntu Linux distribution nor any other Canonical or Ubuntu service, namely Ubuntu One and Launchpad, was touched. "We have repaired and hardened the Ubuntu Forums, and as the problematic settings are the default behaviour in vBulletin, we are working with vBulletin staff to change and/or better document these settings," a statement by Canonical on its official blog explains.

The blog post goes on to give a blow-by-blow account of how the high-profile hack was carried out.


Canonical's postmortem of the attack concludes that the hacker(s) would have gained full access to the Forums database. This access was used to download the "user" table which contained usernames, email addresses and salted and hashed (using MD5) passwords for 1.82 million users.

The audit concludes that the hacker(s) were unable to gain access to any other Canonical or Ubuntu services. The Ubuntu code repository and update mechanism were also beyond the hacker(s)' reach, the investigation concludes.

The open-source firm admits it hasn't yet gotten to the bottom of how the attacker gained access to the moderator account used to start the attack or what type of cross-site scripting attack was subsequently brought into play. "The announcement the attacker posted was deleted by one of the Forum administrators so we don’t know exactly what XSS attack was used," it said.

The initial compromise went unnoticed and it wasn't until the Ubuntu Forums were defaced on Saturday 20 July that the site was pulled offline. A Twitter user using the profile @Sputn1k_ subsequently claimed responsibility for the defacement.

Sputn1k_ subsequently said he hadn't planned to crack the stolen ubuntuforums.org credentials in a statement that suggested pure devilment and perhaps a desire to expose security flaws or gain bragging rights were behind the hack.


XSS (cross-site scripting) is a common class of website vulnerability in which attacker-supplied content, typically script, is rendered by a vulnerable site and so runs in visitors' browsers as if it were the site's own content, with access to that site's cookies and session. The ruse most often crops up in phishing attacks but it has other applications as well, as the Ubuntu Forums hack graphically illustrates.
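The defensive counterpart to that description, as an added example that is not part of the original article or of vBulletin's code: a forum announcement renderer in Python that HTML-escapes user-supplied text before translating a small, assumed BBCode whitelist, beside the unsafe verbatim-insertion pattern, with a check that the safe output contains no markup the renderer did not emit itself. The announcement text, the BBCode subset and the function names are all constructed for this example.

```python
import html
import re

# Constructed sample: an announcement body of the kind a moderator account might
# post. The <script> element stands in for injected markup; it carries no payload
# and is here only to show that escaping neutralises it.
SAMPLE_ANNOUNCEMENT = "Welcome back! <script>/* injected */</script> [b]Read the rules[/b]"

# Assumed BBCode subset -> fixed HTML (not vBulletin's own parser).
BBCODE_TAGS = {"b": "strong", "i": "em", "u": "u"}
_BBCODE_RE = re.compile(r"\[(/?)(b|i|u)\]", re.IGNORECASE)


def render_unsafe(body: str) -> str:
    """Vulnerable pattern: the stored text is inserted into the page verbatim,
    so any markup in the announcement becomes part of the site's own DOM."""
    return f"<div class='announcement'>{body}</div>"


def render_safe(body: str) -> str:
    """Hardened pattern: escape everything first, then translate only the
    whitelisted BBCode tags into fixed HTML. Because escaping runs before
    translation, every '<' in the output was written by this function."""
    escaped = html.escape(body, quote=True)

    def repl(m: re.Match) -> str:
        closing, tag = m.group(1), m.group(2).lower()
        return f"<{closing}{BBCODE_TAGS[tag]}>"

    return f"<div class='announcement'>{_BBCODE_RE.sub(repl, escaped)}</div>"


def contains_raw_markup(rendered: str) -> bool:
    """Regression check: does the fragment contain any HTML tag other than the
    ones the renderer itself emits? True means user markup leaked through."""
    emitted = set(BBCODE_TAGS.values())
    allowed = {"div", "/div"} | emitted | {"/" + t for t in emitted}
    for tag in re.findall(r"<\s*(/?[a-zA-Z][a-zA-Z0-9]*)", rendered):
        if tag.lower() not in allowed:
            return True
    return False


if __name__ == "__main__":
    print("unsafe leaks markup:", contains_raw_markup(render_unsafe(SAMPLE_ANNOUNCEMENT)))
    print("safe leaks markup:  ", contains_raw_markup(render_safe(SAMPLE_ANNOUNCEMENT)))
    print(render_safe(SAMPLE_ANNOUNCEMENT))
```

The same escape-then-translate order applies to any other user-controlled field a forum renders (signatures, titles, private messages), and unbalanced BBCode in the input still produces unbalanced but inert HTML.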

Canonical's post goes on to provide a detailed description of steps it has taken to beef up its security and defend against future attacks.

The whole explanation is a model of openness and clarity that concludes with an apology about the data leak and downtime that came as a result of the breach.

Although users were inconvenienced by the breach - which left them without access to the forums for a week and obliged them to change their passwords - the restoration process was designed so that no data (posts, private messages etc) would be lost during the disaster recovery process. ®
