Someones hacked the official Ubuntu forum. It was based on vBulletin .
Ubuntu hasn't updated the forum with the latest patches.
They ’ve installed ModSecurity, a Web Application Firewall, to prevent further attacks.
And promised to keep their forum up to date in the future.
Source: https://insights.ubuntu.com/2016/07/15/n...1468833804
Woooh woooh this will be a big mess if not action emediately, since forum are a powerful tool for everyone to know what are the current updates.
(08-02-2016, 05:17 PM)Vuluts Wrote: [ -> ]Woooh woooh this will be a big mess if not action emediately, since forum are a powerful tool for everyone to know what are the current updates.
Yes, but this is not a big problem for most of users because the attackers can't get access to FTP servers to modify ISOs like they did with Linux Mint ISOs a few months ago.
It's a problem only for those users who use the same passwords at every place which is a very bad behavior.
From what I heard, the hackers didn't even got passwords as they use SSO. May be all user names and some hashed info. That's all.
(08-02-2016, 06:24 PM)meetdilip Wrote: [ -> ]From what I heard, the hackers didn't even got passwords as they use SSO. May be all user names and some hashed info. That's all.
I thought that it is possible to recover passwords from hashes, but it depends.
Under the hashes, may be it is just sso login info. Some were saying that it would not help or give the hacker the password which can be tried on other forums.