Ubuntu Forums hacked, passwords and emails stolen

[D_A]

Since so many are running Ooga Booga here there's bound to be a few who registered on their forums. Well their forums have been hacked and over 1.8 MILLION usernames, email addresses and encrypted passwords have been stolen. The passwords, as I just mentioned, were encrypted but it'still a good idea to make sure that you don't have any other accounts that share the same username or email and password.

Linkie: http://www.theregister.co.uk/2013/07...words_pinched/

[OldChap]

http://www.xtremesystems.org/forums/...-Forums-Hacked

Had to choose between here and a wider audience.... Either way I guess folks might miss it

Kinda glad it is now duplicated so everybody gets to see


(only time will tell if I remembered any/all places that might have shared anything)

[Evantaur]

what ing moron attacks ubuntu forums?

[D_A]

If you're using linux there's a nifty little utility called mkpasswd that will generate random character strings according to certain settings. The default is 9 total characters, two upper case, two numbers, one symbol, but you can change all of those settings with input flags. Just enter "man mkpasswd" for a full list and use examples. If you have root authority you can use it to change the passwords on other accounts on systems you control. Use it on someone else's account and "mirth" may ensue. Did I say "mirth"? I meant terrible vengeance. YMMV.

[Embalmed]

what ing moron attacks ubuntu forums?

LFS users, who else?

[D_A]

Actually, Canonical have upset quite a lot of Linux users over the last few years with their incessant meddling with things that worked just fine but weren't fancy and automated enough. The end result being that where a major system failure could often be recovered from just using a live CD and editing a couple of configuration files (which were almost always just text files with a specific name) the "Ubuntu way" is to make them into binary files that MUST have a very specific format or they will cause even worse problems. It's gotten so bad that the kernel development team are accepting less and less code that Canonical try to get them to integrate.
What Canonical are doing is trying to evolve Ubuntu into Linux based version of Windows and in doing so are destroying the very things about Linux that made people want to use it in the first place. Their interference is having ramifications on other commercial distributions in that their changes are being forced (by weight of user numbers) into kernal code (even allowing for the resistance I already mentioned) who are then being forced to maintain overly complicated and fragile code. The visual affront known as "Unity" was just the start. Canonical are currently trying to replace every layer of existing functionality with something of their own excessively convoluted and deliberately Linux unfriendly design.

[kiwi]

If they were SHA512 encrypted (most likely they were) then non dictionary based password owners have nothing to worry about really

[D_A]

When you can hit them with quad GPU mini clusters it doesn't take as long to crack out passwords as you might think. Even with decent salting it just adds computational complexity which can be partly overcome by dumping sheer computational horsepower into the problem. There is no such thing as "nothing to worry about" if you reuse passwords, it's just a case of how long until it cracks.

[Embalmed]

What Canonical are doing is trying to evolve Ubuntu into Linux based version of Windows and in doing so are destroying the very things about Linux that made people want to use it in the first place.

I'll be glad when they accomplish that (making ubuntu not Linux), because I am tired of people referring to linux when they really mean ubuntu. I love Linux, it lets me do some really cool things... however there are so many people who think they are buying the ability to be a snob, only for the cost of downloading an iso.