Tag Archive for: Ubuntu

0-days hitting Fedora and Ubuntu open desktops to a world of hurt


If you run a mainstream distribution of Linux on a desktop computer, there’s a good chance security researcher Chris Evans can hijack it when you do nothing more than open or even browse a specially crafted music file. And in the event you’re running Chrome on the just-released Fedora 25, his code-execution attack works as a classic drive-by.

The zero-day exploits, which Evans published on Tuesday, are the latest to challenge the popular conceit that Linux, at least in its desktop form, is more immune to the types of attacks that have felled Windows computers for more than a decade and have increasingly snared Macs in recent years.

While Evans’ attacks won’t work on most Linux servers, they will reliably compromise most desktop versions of Linux, which employees at Google, Facebook, and other security-conscious companies often use in an attempt to avoid the pitfalls of Windows and Mac OS X. Three weeks ago, Evans released a separate Linux zero-day that had similarly dire consequences.


Technology Lab – Ars Technica

Canonical sets off alarm after Ubuntu forum data breach – Inquirer


LINUX FIRM Canonical has suffered a breach on the Ubuntu forums and is going full burn on the wretched servers. The firm explained in a statement that it noticed suspicious activity before too much damage was done, and immediately began cleaning things …
Ubuntu Forums data breach exposes 2 million users – SiliconANGLE (blog)
Canonical hack exposes private data of 2 million forum members – Wired.co.uk
Flaw in vBulletin add-on leads to Ubuntu Forums database breach – CSO Online
Infosecurity Magazine – iT News

“data breach” – Google News

Ubuntu Forums hacked (again)

Canonical, the company behind Ubuntu, has warned that there has been a security breach on the Ubuntu Forums site, resulting in the theft of two million members’ usernames, IP addresses, and email addresses:

At 20:33 UTC on 14th July 2016, Canonical’s IS team were notified by a member of the Ubuntu Forums Council that someone was claiming to have a copy of the Forums database.

After some initial investigation, we were able to confirm there had been an exposure of data and shut down the Forums as a precautionary measure. Deeper investigation revealed that there was a known SQL injection vulnerability in the Forumrunner add-on in the Forums which had not yet been patched.

Yes, you read that correctly. A patch was available, but no-one bothered to install the patch at Ubuntu Forums.

What a goof. If you don’t patch the software running on your website, don’t be surprised if a hacker compromises your system and makes off with your customers’ data.

If you think you may have heard a similar story in the past, your memory isn’t deceiving you. Ubuntu Forums was previously hacked in 2013.

Graham Cluley

Ubuntu Forums Suffer Data breach; Credit Goes to SQL Flaw – Hack Read


Another day another hack — This time, it's Ubuntu forums facing massive data breach affecting registered users! The official forum website for Ubuntu suffered a security breach on 14th July 2016 in which the unknown attackers used an SQL injection …


“data breach” – Google News