Forgot your password?
typodupeerror
This discussion has been archived. No new comments can be posted.

Novell OpenSUSE Server Hacked

Comments Filter:
  • Don't blame LINUX (Score:2, Insightful)

    by Work Account (900793)
    People always try to blame the software right away but usually it's poor administration.

    Linux is near-flawless in terms of security.
    • by Anonymous Coward
      "Linux is near-flawless in terms of security."

      so it could have been a linux flaw...
      buy you're right, on most pc's the weakest link is the user...
      • Pardon my obvious post-placement, trying to get this near the top and visible, but I suspect this is an important question for people to see, assuming answers are posted:

        What is the practical upshot of all this? Is the damage limited to the "Give us nuclear rights" web defacement, or was that just a front to make people think nothing else was damaged?

        I'm running SuSe 9.3, and this morning, I let the automated update program do it's thing. Did I download and install any breached files?

        TFA don't say anything.
        • by houghi (78078) on Sunday October 02, 2005 @01:29PM (#13699066)
          I'm running SuSe 9.3, and this morning, I let the automated update program do it's thing. Did I download and install any breached files?

          No. It was just the WiKi server that went down.
    • by grub (11606) <slashdot@grub.net> on Sunday October 02, 2005 @12:25PM (#13698718) Homepage Journal

      Linux is near-flawless in terms of security.

      You don't follow security mailing lists, do you? Most Linux distros have decent security but "near-flawless"?

      • Just for reference... Netcraft says the site was running Apache/2.0.49 for Linux/SuSE.

        Which part actually got hacked, the OS or the webserver itself??

        • Re:Don't blame LINUX (Score:3, Informative)

          by grub (11606)
          Which part actually got hacked, the OS or the webserver itself??

          Only those Iranians and the SUSE people know :) Regardless, running something like OpenBSD with its hardened & chroot'd apache could mitigate a lot of the damage. ie.: make most files read only to the httpd process, etc etc.
        • Which part actually got hacked, the OS or the webserver itself??

          Didn't RTFA but another poster mentionend something like "the Wiki server was hacked".
          So I would put my money on an exploit of one of the recent Twiki vulnerabilities.
          I know some websites that got hacked because of them.
      • near-flawless? (Score:4, Insightful)

        by nurb432 (527695) on Sunday October 02, 2005 @01:27PM (#13699055) Homepage Journal
        No modern OS is flawless. Due to feature creep and the massive amounts of code involved, none can really be considered 'near flawless'. ( agreed, some are better then others )

        Its the job of the administrators to mitigate and compensate for known, and unknown, security flaws.
      • Nor does he follow history very well.

        If there is one thing we can learn from history, its that anything flawless in its day has been prooven flawed eventually.

        In the computer world its only that much more of a smack in the face.

        Linux exploits are found all the time, and yes, maybe they are found less often, or fixed faster than on other operating systems (..maybe..) but they exist, and always will.
    • by Anonymous Coward
      People always try to blame the software right away but usually it's poor administration.
    • by dasunt (249686) on Sunday October 02, 2005 @12:36PM (#13698800)
      People always try to blame the software right away but usually it's poor administration.

      Isn't this the same flaw Windows has?

      • Hey, (Score:5, Funny)

        by Create an Account (841457) on Sunday October 02, 2005 @12:44PM (#13698846)
        Your logic and reason are not welcome here.
      • "Isn't this the same flaw Windows has?"

        Yes. But it's not the only one. Many people can say "I know how to configure Windows, I didn't get any virus or worm yet"

        I just say: wait till you get hit (it's "when" not "if") and then that will shatter any confidence you have in Windows and in your ability to secure it.
        • Actually, I disagree. I've been running Windows networks for over a decade without a single virus or spyware infection. Interestingly, we've had a nearly identical amount of successful hacks on both our web-facing Windows and Linux machines. I would say I'm pretty much on par with the Linux admin in terms of skills and knowledge, and we are both in agreeance that no matter what you do, eventually you will get hacked. Just like you will eventually be a victim of some sort of crime in the Real World, if you s
      • by _Sprocket_ (42527)
        Yes, it is the same flaw. But don't worry. I understand that with all the new work in pricing schemes, DRM, aggressive disregard for industry changes, etc Microsoft will be eliminating a large number of users (and thus Admins), thus creating a much more secure Windows environment.
      • by starfishsystems (834319) on Sunday October 02, 2005 @06:19PM (#13700435) Homepage
        Isn't this [poor administration] the same flaw Windows has?

        It's a reasonable question to ask.

        Yes, fundamentally it's true that configuration management has a significant effect on security. To be precise, this is not a flaw, but a characteristic. A site which is in full control of system configuration will have formal security advantages over one which isn't, and this is universally true regardless of platform.

        However, the story is told from a much different perspective when it comes to evaluating the security of a given platform. Configuration remains a major factor in security, but it has to be weighed in light of platform capability. So, for example, a very simple network appliance with a very small configuration space has the prospect of being very secure. An ideal appliance cannot be configured insecurely. In practice, that may or not be the case, depending as always on design tradeoffs and correctness of implementation.

        Apart from pure appliances, all computing platforms must, for reasons of generality, offer configuration possibilities that put some security tradeoffs in the hands of site administrators. Such is the case for both Linux and Windows, so indeed poor administration can always result in poor security on a sufficiently general platform.

        The practical focus, therefore, has turned to how securely these platforms are configured by default. Interestingly, even though Windows is marketed for nonexpert use, it has a long tradition of being configured insecure by default, exactly the opposite of what would be appropriate for a nonexpert market. It also, in my opinion, embodies a lot of fundamentally insecure design tradeoffs, neglecting principles such as modularity, containment, and least privilege, for example. These are extremely deep design problems, not easily fixed.

        Linux and Unix, although designed by developers for developers, and therefore intended for expert use, have a record of delivering much better security by default. I can think of lots of particular exceptions, but they have tended to be minor design tradeoffs that could be, and were, easily corrected. Security incident statistics seem to reinforce these observations very strongly.

        In my line of work, I get to see what goes on behind the scenes at a lot of sites. It's not often that I come upon a site which is not suffering to some significant degree from a chronic neglect of configuration management. All discussion of platform characteristics aside, this is a real problem on the ground for security.

        The issue, in terms of value for effort, then becomes to identify which of these sites is (a) at most immediate risk, and (b) has the best potential of improvement. In the former case, I find that the answer is Windows, and in the latter, it's Linux.

    • by goMac2500 (741295)
      People always try to blame the software right away but usually it's poor administration. Windows is near-flawless in terms of security. Sound familiar?
    • Where are people like you when someone's harping on about microsoft security issues? :-P
  • *sigh* (Score:5, Insightful)

    by the-amazing-blob (917722) on Sunday October 02, 2005 @12:21PM (#13698704) Journal
    I still will never understand why people do stupid things like hack websites.
    • I've yet to understand what they said. The grammar and spelling were atrocious.
      • Thanks to being nerds AND locked in country with extreme muslim laws we are never EVER going to loose our virginity, not even to the goats, so we are going to bug harmless sites to convince the rest of the world that not only we shouldn't have nuclear reactors, we shouldn't have internet access either.

    • Re:*sigh* (Score:5, Insightful)

      by jupiter909 (786596) on Sunday October 02, 2005 @12:50PM (#13698875)
      Hacking websites is not stupid. It's proof of concept. It is often good when people hack/crack things, it forces for tighter control and security. If not for people hacking and cracking things we would not have things such as online shopping and ssh encrpytion etc. It is all part of a never ended life cycle. More often than not it is poor management/admin than the software/systems themselves. Human error.

    • to understand why people hack websites. Here, I'll list out some possibilities for you:

      • Bragging rights
      • Revenge
      • Getting a message across (free advertising)
      • etc. etc.
  • ouch (Score:5, Funny)

    by Anonymous Coward on Sunday October 02, 2005 @12:22PM (#13698710)

    They could just run OpenBSD [openbsd.org].
    • wouldn't it be more prudent to run CLOSEDBSD?
    • I take it your admitting to be the Iranian hacker? You seem to be aware of a linux exploit which allowed you to hack into the opensuse.org web server.

      Or I suppose its more likely you don't have a clue and there is a greater probability that the exploit was in the php application they were running on top of linux+apache and rather than being hacked the website was defaced.

      And if that turns out to be the case then it would have made no difference whether they were running on linux, BSD, or any other OS. The s
  • by Anonymous Coward on Sunday October 02, 2005 @12:23PM (#13698711)
    How does hacking this website help to put your voice ? Other than geeks, how many people check that website. If they had hacked CNN or BBC, it would have been noticed significantly. Soon this would go into oblivion. Makes me wonder what has nuclear progam to do with open source linux ?
    • I didn't know they had computers in Iran. Maybe they only use them for hacking, and not for checking up on news, or reading about the diffrences between Government Agencies and Operating Systems.
      • I didn't know they had computers in Iran.

        The picture on the site was linked to ihsteam.com.
        A trace leads to teamnet.net. A whois shows a US company.

        Their DNS server is ns3.simorgh.co.uk, although they could just have hacked that as well. Just look at http://simorgh.co.uk/ [simorgh.co.uk]

        So even though the whois data is in Iran, there is no need for them to have a PC.
    • Because, this will make the regular news. That will include CNN, and BBC.

      Why? because it does not happen often to a major linux site. It would be like having millions stolen from a site that runs a none Windows such as a unix site. It will make news just because it is none windows.
  • by michaelzhao (801080) on Sunday October 02, 2005 @12:24PM (#13698714)
    The Iranian hackers should first learn English. I was banging my head on the table reading that grammatically incorrect junk.
  • how rude..... (Score:2, Insightful)

    by The_Candyman (463167)
    Of corse this had to happen just a few days before OpenSuSe released the latest version 10.0 final. Now I'm assuming that there will be a delay there to make sure nobody added any "extra" software. I've been waiting for it to come out since I tried beta 1 of 10.0.
  • by Necrotica (241109) <cspencer@noSPAm.lanlord.ca> on Sunday October 02, 2005 @12:26PM (#13698727)
    The US and EU better let Iran develop a nuclear energy program or these senseless acts of web terrorism will never stop!
  • by Utopia (149375) on Sunday October 02, 2005 @12:26PM (#13698731)
    http://wiki.novell.com/ [novell.com]
    Site is currently down.

  • Details of the hack? (Score:5, Interesting)

    by Trigulus (781481) on Sunday October 02, 2005 @12:28PM (#13698746) Journal
    Was this a targeted attack? Did they just fall victim to a script? Unpatched vulnerability? Weak password? what? Im just asking cause none of the links provided answer this.
  • ssh scan (Score:5, Informative)

    by perp (114928) on Sunday October 02, 2005 @12:30PM (#13698765)
    This server probably had a weak root password and was hacked by one of the several automated ssh bruteforcers out there http://www.linux.com/article.pl?sid=05/09/15/16552 34 [linux.com]

    I see these attacks all the time on all Internet facing servers.

    • Got some really weird attempts to login on ssh from egypt. Nothing special except it did seem odd to try to do this with SSH seeing has how any sensible person would use keys, if you still have to guess the username AND then a 3kb key I wish you good luck.

      Goes to show that you always need to check your machine. I had no need for remote ssh access so why did I leave it enabled.

      Oh well, luckily I have no business with the arab nations so they are now all banned. Blame the ISP in question for not reacting.

    • Re:ssh scan (Score:4, Insightful)

      by schon (31600) on Sunday October 02, 2005 @12:45PM (#13698852)
      Why the hell do they allow root logins over SSH in the first place?

      Any security admin worth their salt would have turned this off when it was installed - not to reduce break-ins (although it does help mitigate a weak root password), but to provide an audit trail for people who are allowed to use root.

      *sigh*
      • Why the hell do they allow root logins over SSH in the first place?

        Yeah, much better with a bunch of sudo-users so instead one root password you now have bunch of them. Besides, they should disable password login in any case.

        • SSH in as user, then su. Adds an extra layer of security to get through, provided there's no easy writable suid file and any root apps are kept up to date, and that kind of attack is harder to automate.
      • Why the hell do they allow root logins over SSH in the first place?
        Allowing or disallowing root logins is configurable in OpenSSH. Incidentally, SuSE ships with root login over SSH disabled by default.
      • Re:ssh scan (Score:5, Informative)

        by jaclu (66513) on Sunday October 02, 2005 @03:16PM (#13699613)
        I have a hard time to see the gain in security by disalowing root but allowing users to login and then sudo.

        In the case of three admins, you would end up with three accounts that could be exploited, rather increasing if anything the risk of direct ssh exploits.

        Once the bad guy is in, he has all the local exploit possibilities to gain root, so your already in trouble if they get in.

        So as long as you do ssh with passwords, disalowing root-login dosent really buy you any security, but it hassels the admins each and every day.

        On the other hand, prefered method would be to login with keys and disallow passwords completely whenever possible.
        • Re:ssh scan (Score:5, Informative)

          by Gogo0 (877020) on Sunday October 02, 2005 @04:46PM (#13700018)
          Part of the security comes from non-root logins being unknown.

          One could try to use a non-root user to bruteforce their way into my system, but they'll either get one (probably created by an application) with /dev/null as a shell or they will be trying usernames that dont exist.
        • Re:ssh scan (Score:5, Informative)

          by despisethesun (880261) on Sunday October 02, 2005 @06:16PM (#13700421)
          I have a hard time to see the gain in security by disalowing root but allowing users to login and then sudo.

          You must not have much experience with sudo. One of the benefits of it is that it allows you to give root permission to people for specific tasks that they would need that access level for. While there are certainly a lot of people who set their sudoers file to "allow all" for everyone, if sudo is properly implemented no one should be able to do anything they don't NEED to do as root. Sudo also has the benefit of keeping track of what users used it to do what tasks, making it easier to trace the path an attack came from.

          Gogo0 also mentioned an added benefit to this scheme so I'm not going to repeat it here.
        • Re:ssh scan (Score:3, Informative)

          by drsmithy (35869)
          I have a hard time to see the gain in security by disalowing root but allowing users to login and then sudo.

          The two biggies are greater control over what can and can't be executed with root privileges and an audit trail.

    • Re:ssh scan (Score:2, Informative)

      by Nikademus (631739) *
      That means, they were not smart enough to:
      1: change default ssh port
      2: disallow direct root logins via ssh

      Those 2 simple principles prevent many things.
    • Well I disable root access to that, use only ssh2, use keys, use deny all users/allow only users to limit who can logon, and use a nonstandard port.

      Not perfect but works well for me.
  • by sjvn (11568) <sjvn@@@vna1...com> on Sunday October 02, 2005 @12:31PM (#13698768) Homepage
    The LinuxWorld Australia story is actually about an earlier break-in of a Novell system that was being used for World of Warcraft related stuff, not the OpenSUSE site at all.

    Steven
  • by blanks (108019) on Sunday October 02, 2005 @12:39PM (#13698813) Homepage Journal
    The open SuSE website wasnt hacked, it was a damn gamming machine they had on their network.

    From TFA:

    "The employees that set it up apparently had no idea of security," Brandon said. "But what is really surprising is that Novell would allow employees to set up game servers on their corporate network and then allow the public to access it."

    "There was no major breach of security here," Barney said. "Needless to say, we are taking the appropriate steps" to address the situation.
  • Looks like that SSH login/password brute force scanning attack that's been going for the past year or so. So some employees setup an easily SSH login on a gaming server? So what. Only part I can't figure out is why was the box public?
    • It's a gaming server: you need to make the IP addresses public, or at least make a tunnelable port on your external facing NAT address, to publish the server for others.

      Such servers, even if allowed on a corporate network, should be in a locked down DMZ area of their network, and any such machines should not have the same logins or passwords as other machines. Public SSH key access is preferred if the machine has to have user accounts.
  • This would not have happened if the people at Novell had used Ubuntu Linux. :)

  • They have a website (Score:3, Informative)

    by gcnaddict (841664) on Sunday October 02, 2005 @12:52PM (#13698889)
    the hacker team has a website [ihsteam.com] to add to that, its likely being hosted in iran so no one can do jack shit
    • Now I have seen everything. A "Hacker" sight, that runs a packaged content managment setup and ad banners. Nothing against content managment scripts, but this is just unusual.
    • by Toba82 (871257)
      It's not being hosted in Iran. It's hosted in the US by Virtuoso Net Solutions inc. I sent this email to abuse@virtuosonetsolutions.com yesterday about 7 PM (I sent them my real info, obviously):

      Dear Sir/Madam:
      The OpenSuSE website was defaced either today or yesterday by an Iranian
      hacker clan whose website is located on your servers. I checked the
      whois data for the hacker clan's domain (ihsteam.com):

      Majid NT
      Bl Sajjad-milad 7 no. 12
  • by alhaz (11039) on Sunday October 02, 2005 @12:54PM (#13698899) Homepage
    The OpenSuSE server has been sucking wind for weeks, and i know for a fact that trouble tickets have been submitted about it within Novell.

    Maybe they were just trying to lend a hand with the administration . . . .
  • Blog of the hacker (Score:2, Informative)

    by Vario (120611)
    The head of the defacement crew has a blog that is kind of interesting to look at: http://www.c0d3r.org/ [c0d3r.org]

    He is a movie fan and was just accepted to a university.

    Some bits of information can be found here:
    http://www.zone-h.org/en/defacements/view/id=29173 90/ [zone-h.org]

    Besides the OpenSuSE website they also hacked into wiki.novell.com and forge.novell.com.

    Too bad that the Iranian hackers used OpenSuSE for their political stuff. It seems a bit misplaced, what does a linux distribution has to do with the question whether

  • Told you so (Score:3, Funny)

    by CSHARP123 (904951) on Sunday October 02, 2005 @01:01PM (#13698928)
    I had told novell not to run their websites on Windows OS. They wont listen. See now
  • Not Good for Iran (Score:5, Insightful)

    by KidSock (150684) on Sunday October 02, 2005 @01:14PM (#13698998)
    Dear Hackers,

    If you're going to hack websites, don't try to justify your idiotic hobby by turning it into a political posterboard. It has the opposite effect you're looking for. The thing that scares people most is unpredictable behavior. If Iran were calm, clear in stating there intentions, and followed all the diplomatic protocols with a smile there would be no way for anyone to stop them from builting reactors (wheather it be for processing fuel for weapons or not). But stupid stuff like this make Iranians look like evil subversives. Just look at the graphic they posted. It looks like the shadow of some kind of daemon with horns. This is not a good image for Iran.

    Or if it's a different group impersonating iranians, you're just losers.
  • let me guess, iptables not enabled, no firewall service up, no bfd, SSH was up unfiltered and the root pass was a 3 letter word like god, to quote the movie "hackers" with angelina jolie. Hack the gibson. Hack the planet. Go Iran. Just kidding.

    Alot of people are reluctant to use a firewall, even though you can easily do it with SuSE and YaST2.

    I have the pay version of SuSE9.3 Pro, which is well worth the $99 price tag.
    I mostly run fedora core boxes though, and this is a really good alternative to other ipta
  • by CyricZ (887944) on Sunday October 02, 2005 @01:46PM (#13699149)
    I think it is time for the open source community, as a whole, to better consider its public image. Incidents like this, involving one of the premiere Linux vendors, do unfortunately tarnish the image of our community quite badly. And then you have rogue open source developers publically insulting users [slashdot.org]. Such incidents make people remember open source software for all the wrong reasons.

    Now, perhaps this is just a case of amateurs being allowed to join a community that mainly consisted of academics and professionals. The high standards that the open source community once enjoyed are being degraded on a daily basis by developers who cannot write secure code (ie. many PHP developers), by developers who blatantly insult and ridicule their users (ie. the KOffice example earlier in this post), or companies that provide insecure, open source-based products.

    Is there much that can be done about this? I'm not sure.

Luck, that's when preparation and opportunity meet. -- P.E. Trudeau

Working...