


Canonical takes Ubuntu forums offline in wake of password breach

Canonical, makers of the Ubuntu Linux distribution, recently announced that its Ubuntu help forums suffered a security breach over the weekend. Attackers were able to harvest an estimated 1.82 million user names, email addresses, and passwords from the site. Canonical says it isn't sure how hackers were able to breach its systems, and the company has taken the forums at Ubuntuforums.org offline as a precaution.

Canonical is warning anyone with an Ubuntu Forums account about the hack via email. The company is also advising users to change their security credentials on other sites, especially email, if they used the same password and username/email for other online services.

Ubuntu.com services such as Ubuntu One are not believed to be affected by the hack since they do not share the same login account as the Ubuntu forums.

Malicious penguin

Fans of the Ubuntu forums began reporting that the site had been defaced on Saturday. The hacker or group of hackers who breached the site posted an image of a penguin (the Linux mascot is a penguin) holding an AK-47.

The message underneath the image suggested the hackers were more interested in exposing a poorly secured site than anything else. "None of this '[you got hacked] by albani4 c3bir 4rmy' stuff," the message on Ubuntu's forums site said. "Straight up, you dun goofed. It's as simple as that."

It's not clear if the hackers plan on exposing the database of user names and passwords online. Still, there is a definite possibility these account credentials could begin circulating around the less reputable areas of the Internet.

For now, the hack doesn't look malicious, but users should take caution.

Canonical says forum user passwords were not stored in plain text and were hashed and salted. A hash uses a mathematical algorithm to convert plain text passwords into a series of numbers and letters. A specific hash will create the same string of letters and numbers each time for the same input (in this case a password). To make hashes more secure they are further obscured by "salting," a process that inserts random bits into the hash, making it harder to guess the original password.

Canonical had not returned our request for comment at this writing, so it's not clear which hashing algorithm the company was using. However, a report from Ars Technica says Canonical was using the MD5 hash. MD5 is a popular hashing algorithm that is often used by software companies as a security check to let users ensure downloaded executable files were not tampered with or corrupted. But MD5 is not considered to be a good choice for hashing passwords.
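The sketch below is an added example, not code from the article or from Canonical. It shows the hashing and salting behaviour described above using MD5, next to a deliberately slow alternative. It assumes PBKDF2-HMAC-SHA256 at 600,000 iterations as the slow function; the function names and the sample password are constructed for illustration.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def md5_hex(password: str, salt: bytes = b"") -> str:
    """Fast hash; the salt is prepended to the password before hashing."""
    return hashlib.md5(salt + password.encode()).hexdigest()


def kdf_store(password: str) -> tuple[bytes, bytes]:
    """Return (salt, derived key) to store, using a fresh random salt."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


def kdf_verify(password: str, salt: bytes, key: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, key)


def seconds_per_call(fn, rounds: int) -> float:
    """Average wall-clock cost of one call to fn."""
    start = time.perf_counter()
    for _ in range(rounds):
        fn()
    return (time.perf_counter() - start) / rounds


if __name__ == "__main__":
    pw = "correct horse"  # constructed sample password shared by two accounts
    # Without a salt, identical passwords produce identical stored hashes.
    print("unsalted hashes match:", md5_hex(pw) == md5_hex(pw))
    # Per-user random salts make the stored values differ.
    s1, s2 = os.urandom(16), os.urandom(16)
    print("salted hashes match:  ", md5_hex(pw, s1) == md5_hex(pw, s2))
    salt, key = kdf_store(pw)
    print("right password:", kdf_verify(pw, salt, key))
    print("wrong password:", kdf_verify("guess", salt, key))
    # Salting does not slow down guessing; the work factor does.
    fast = seconds_per_call(lambda: md5_hex(pw, s1), 10_000)
    slow = seconds_per_call(lambda: kdf_verify(pw, salt, key), 1)
    print(f"one PBKDF2 check costs about {slow / fast:,.0f}x one salted MD5")
```

The salt is stored beside the hash and is not secret, so anyone holding the database can still test guesses; the iteration count is what makes each guess expensive.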

Batten the hatches

Reports of password breaches are always a good time to reevaluate your own online security practices. Always make sure you are using unique passwords for every site you use online. For tips on generating your own passwords check out PCWorld's "Learn to function strong passwords" or "Passwords: You're doing it wrong. Here's how to make them uncrackable."

Use a password manager such as LastPass or Password Safe to store all your various passwords for different online sites. These programs can also create new passwords for you and can automatically fill out login forms for you.

Finally, activate two-factor authentication for any services that support this security measure such as Battle.net, Dropbox, Evernote, Facebook, Gmail, Twitter, and Outlook.com. Two-factor authentication requires you to enter a second, shorter temporary password that is usually generated by a smartphone application or small key fob.

Many services that offer two-factor authentication allow you to set trusted PCs so that you only have to enter your credentials once on new PCs or browsers.

Canonical has not said when Ubuntu forums will be back up. In the meantime, any Ubuntu user looking for support can check out sites such as Stack Exchange's Ask Ubuntu or Ubuntu Discourse.

Source: https://www.pcworld.com/article/452999/canonical-takes-ubuntu-forums-offline-in-wake-of-password-breach.html

Posted by: powersidowed.blogspot.com
