Novell OpenSUSE Server Hacked 329
abelikoff writes "Both LinuxWorld Australia and SuSE Linux Forums report that OpenSUSE website got hacked last night." This story was submitted quite a number of times.
Work is the crab grass in the lawn of life. -- Schulz
Details of the hack? (Score:5, Interesting)
Re:Linux Secure By Design? (Score:5, Interesting)
All these Worms on the net is a perfect example. And when you get down to it, even some of the poor administration is Microsoft's fault for making it "so easy you don't need an experienced technician...." When in fact they bury stuff so deep unless you know where it is, the necessary changes don't get made leaving everything as default.
I can't even begin to count how many times I've gone to a customer's location where they had an employee that was a self proclaimed geek that did all the setup and everything was not only wrong, it opened gaping holes on their network. Including things like having a USER logging in as Administrator on the server and using it as a workstation.
Plus I won't go into all the people who hold an MCSE that never touched a computer until they went to a 2 week bootcamp on how to pass the tests.
But, point in fact, any closed source application is subject to flaws that don't get patched because it's a small enough flaw that putting a programmer on it to fix it would cost more than keeping the flaw hidden.
Re:Rights or not (Score:5, Interesting)
Especially since Iranians a) speak Farsi, not Arabic, and b) aren't Arabs.
That IS the breach of security. (Score:5, Interesting)
Re:Practical upshot? Am I safe? (Score:3, Interesting)
My question is: Why bother hacking a Wiki? Can't you just make your own changes to it anyway?
The public image of the open source community. (Score:5, Interesting)
Now, perhaps this is just a case of amateurs being allowed to join a community that mainly consisted of academics and professionals. The high standards that the open source community once enjoyed are being degraded on a daily basis by developers who cannot write secure code (ie. many PHP developers), by developers who blatantly insult and ridicule their users (ie. the KOffice example earlier in this post), or companies that provide insecure, open source-based products.
Is there much that can be done about this? I'm not sure.
Nope, it isn't in Iran (Score:3, Interesting)
Dear Sir/Madam:
The OpenSuSE website was defaced either today or yesterday by an Iranian
hacker clan whose website is located on your servers. I checked the
whois data for the hacker clan's domain (ihsteam.com):
Majid NT
Bl Sajjad-milad 7 no. 12
Mashhad 8735452575
Iran
IP of the website (according to whois records of the ip, it is owned by
your company):
147.202.64.138
References:
http://www.opensuse.org/ [opensuse.org]
http://www.ihsteam.com/ [ihsteam.com]
In case the sites above have been changed, I've attached an compressed
archive saves of their main pages. I hope you'll see that ihsteam.com
is in direct violation of your AUP.
Sincerely,
Name
Phone
Email
They haven't replied yet, and the website is still up. But it IS a weekend.
Re:Don't blame LINUX (Score:3, Interesting)
To the Linux Bashers: (Score:2, Interesting)
Just a note. Anything can be hacked given enough patience, enough time, enough resources, and enough basic knowledge. There is no such thing as a 100% secure system, unless you are talking about a system that has been unplugged, encased in concrete, and sunk to the bottum of the ocean. Even then, I wouldn't be too sure. In other words, best that can be done is to make it a challenging thing to do. There is no system that cannot be penetrated by a talented hacker. This one, evidentally, from what I've read, was fairly talented...not your average script kiddie.
So lay off alright?