Ubuntu Forums Hacked
https://ubuntuforums.org/announce.html/
This is a warning/notification to anyone who used to use Ubuntu forums, as I know some people here get their Trisquel help from there sometimes.
From their description of the announcement, it sounds a lot like their website was subject to a well-played SQL injection. Many websites have methods of filtering out attacks like this but there are many brute-force crackers who can eventually bypass the filters.
They claim that the passwords are encrypted, but as someone who is somewhat knowledgeable on SQL, I can say they likely used a one-way encryption method like SHA1 or MD5. This means that if you had a weak password, anyone could easily reverse the hash using a rainbow table (or one of the many websites that already have a huge collection of hash cracks easily available). Let this be a warning to anyone in the future who uses a weak password for any websites.
It seems as though ubuntuforums has no SSL encryption at the moment. If you want to see the announcement, use this link instead:
On 2013-07-20 22:52, name at domain wrote:
> They claim that the passwords are encrypted, but as someone who is
> somewhat knowledgeable on SQL, I can say they likely used a
> one-way encryption method like SHA1 or MD5. This means that if you
> had a weak password, anyone could easily reverse the hash using a
> rainbow table (or one of the many websites that already have a huge
> collection of hash cracks easily available). Let this be a warning
> to anyone in the future who uses a weak password for any websites.
A weak password, re-use of passwords, etc...
While on the subject:
Ubuntuforums.org cracker promises no password release
http://www.theregister.co.uk/2013/07/23/ubuntuforums_cracker_promises_no_password_release/
F.
--
Fabián Rodríguez
http://fsf.magicfab.ca
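Why weak or re-used passwords stored as a fast, unsalted hash are exposed by a precomputed table, next to a salted, slow alternative. This is an added example, not part of any post in the thread; MD5 appears only because the first post speculates about it, and the account names, sample passwords and PBKDF2 parameters are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample: weak passwords a precomputed table would already cover.
COMMON_PASSWORDS = ["123456", "password", "ubuntu", "letmein"]


def unsalted_md5(password: str) -> str:
    """Weak scheme: one fast, unsalted hash (same input, same digest everywhere)."""
    return hashlib.md5(password.encode()).hexdigest()


def build_lookup_table(candidates):
    """Digest -> password map, computed once and reusable against any unsalted dump."""
    return {unsalted_md5(p): p for p in candidates}


def exposed_accounts(leaked: dict, table: dict) -> dict:
    """Accounts in an unsalted dump whose password falls to a plain table lookup."""
    return {user: table[h] for user, h in leaked.items() if h in table}


def hash_password(password: str, iterations: int = 600_000) -> dict:
    """Hardened scheme: per-user random salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": dk}


def verify_password(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             record["salt"], record["iterations"])
    return hmac.compare_digest(dk, record["hash"])


if __name__ == "__main__":
    table = build_lookup_table(COMMON_PASSWORDS)
    leaked = {  # constructed dump: two users share a weak password
        "alice": unsalted_md5("password"),
        "bob": unsalted_md5("password"),
        "carol": unsalted_md5("T7#correct-horse-battery"),
    }
    print("exposed by lookup:", exposed_accounts(leaked, table))
    a, b = hash_password("password"), hash_password("password")
    print("salted hashes differ:", a["hash"] != b["hash"])
    print("still verifies:", verify_password("password", a))
```

With a per-user salt the same password produces a different stored value for every account, so a table computed in advance no longer matches anything; the iteration count only slows guessing and does not rescue a password that is on every wordlist.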