Overclock.net › Forums › Industry News › Software News › [theregister] OpenSUSE forums hacked in ANOTHER vBulletin attack
New Posts  All Forums:Forum Nav:

[theregister] OpenSUSE forums hacked in ANOTHER vBulletin attack

post #1 of 9
Thread Starter 
Quote:
Linux distro openSUSE’s public forums have been compromised and defaced and tens of thousands of user email addresses exposed after a hacker exploited a zero day flaw in the underlying vBulletin software.
Quote:
Credentials for your openSUSE login are not saved in our application databases as we use a single-sign-on system (Access Manager from NetIQ) for all our services. This is a completely separate system and it has not been compromised by this crack. What the cracker reported as compromised passwords where indeed random, automatically set strings that are in no way connected to your real password.

Source
post #2 of 9
Man alive; all I can see happening now is users posting about hatred towards Linux being "unsecure" when this is due to vbulletin. Then again, they should switch from the garbage system anyways if their motto is for security sakes. Just because your main product, that you promote, is based on being "secure", the rest of the standards portrayed by group should be aimed towards security as well.
post #3 of 9
Well put Domino.thumb.gif
Assimilator
(16 items)
 
Backup
(12 items)
 
s939
(11 items)
 
CPUMotherboardGraphicsRAM
Intel i7 4770k Gigabyte z97x-soc force XFX R7 260X Crucial Ballistix Sport LP  
Hard DriveHard DriveCoolingCooling
Crucial M500 Seagate  EK-KIT L120 Swiftech MCR-H220 
OSMonitorKeyboardPower
Arch Linux x86-64 HP E201 Cooler Master Rapid-i mx red/green led EVGA SuperNOVA 850B2 
CaseMouseMouse PadAudio
Corsair C70 Perixx MX-1800R Something from Radio Shack Altec Lansing 2.1 
CPUMotherboardGraphicsRAM
i5 4690k Gigabyte Z97x-ud3h-bk MSI r7770 Crucial 
Hard DriveHard DriveCoolingOS
Crucial m4 240GB Seagate Corsair H60 Arch Linux 
MonitorKeyboardPowerCase
HP 2009m Noppoo Lolita 87 Corsair HX650 Cooler Master Haf 912 
CPUMotherboardGraphicsRAM
AMD Opteron 185 DFI LANPARTY UT nF4 SLI-DR Expert EVGA 8800 GTS Corsair XMS-4000PT DDR500 
Hard DriveOptical DriveCoolingOS
Seagate Asus Thermalright XP-90  XP Pro 
PowerCaseAudio
Ultra XFinity Chrome ULT-XF500  Ultra Wizard ALC850 
  hide details  
Reply
Assimilator
(16 items)
 
Backup
(12 items)
 
s939
(11 items)
 
CPUMotherboardGraphicsRAM
Intel i7 4770k Gigabyte z97x-soc force XFX R7 260X Crucial Ballistix Sport LP  
Hard DriveHard DriveCoolingCooling
Crucial M500 Seagate  EK-KIT L120 Swiftech MCR-H220 
OSMonitorKeyboardPower
Arch Linux x86-64 HP E201 Cooler Master Rapid-i mx red/green led EVGA SuperNOVA 850B2 
CaseMouseMouse PadAudio
Corsair C70 Perixx MX-1800R Something from Radio Shack Altec Lansing 2.1 
CPUMotherboardGraphicsRAM
i5 4690k Gigabyte Z97x-ud3h-bk MSI r7770 Crucial 
Hard DriveHard DriveCoolingOS
Crucial m4 240GB Seagate Corsair H60 Arch Linux 
MonitorKeyboardPowerCase
HP 2009m Noppoo Lolita 87 Corsair HX650 Cooler Master Haf 912 
CPUMotherboardGraphicsRAM
AMD Opteron 185 DFI LANPARTY UT nF4 SLI-DR Expert EVGA 8800 GTS Corsair XMS-4000PT DDR500 
Hard DriveOptical DriveCoolingOS
Seagate Asus Thermalright XP-90  XP Pro 
PowerCaseAudio
Ultra XFinity Chrome ULT-XF500  Ultra Wizard ALC850 
  hide details  
Reply
post #4 of 9
Man that sucks. As an admin for a private server it's so god damn annoying dealing with spam accounts spamming threads all over our forum, so I can only imagine how hard and frustrating dealing with hackers and stolen information is.
    
CPUMotherboardGraphicsGraphics
Intel i5-2500k @Stock MSI P67A-G45 Gigabyte GTX 980 4GB WINDFORCE 3 Gigabyte GTX 980 4GB WINDFORCE 3 
RAMHard DriveOSPower
8GB DDR3 RAM Seagate 500GB 7,500RPM Windows 64-bit EVGA SuperNova P2 850W Platinum 
Case
Carbide Series® Air 540 
  hide details  
Reply
    
CPUMotherboardGraphicsGraphics
Intel i5-2500k @Stock MSI P67A-G45 Gigabyte GTX 980 4GB WINDFORCE 3 Gigabyte GTX 980 4GB WINDFORCE 3 
RAMHard DriveOSPower
8GB DDR3 RAM Seagate 500GB 7,500RPM Windows 64-bit EVGA SuperNova P2 850W Platinum 
Case
Carbide Series® Air 540 
  hide details  
Reply
post #5 of 9
Just to think I was about to buy a vBulletin license rolleyes.gif

I know this could happen to anybody, but it's pretty funny that this happened at the same time I started to think about supporting them.
magg0rt
(19 items)
 
  
CPUMotherboardGraphicsGraphics
i7 4930k @ 4.6Ghz MSI X79A-GD45 Plus PNY GTX 780 XLR8 Enthusiast Edition PNY GTX 780 XLR8 Enthusiast Edition 
RAMHard DriveHard DriveHard Drive
32GB Samsung 30nm RAM (8x4GB) 240GB Seagate SSD (Windows 8.1) 120GB Samsung 840 Pro (Fedora Linux) 120GB PNY XLR8 SSD (Steam) 
Optical DriveCoolingOSMonitor
HP DVD Writer 1070r Corsair H100i Windows 8.1 Pro x64 Planar SA2311W (120HZ) 
MonitorKeyboardPowerCase
ASUS VG248QE (144HZ) CM Storm QuickFire Pro Antec TruePower New 750w Corsair 200R 
MouseAudio
SteelSeries Xai ASUS Xonar DX 
  hide details  
Reply
magg0rt
(19 items)
 
  
CPUMotherboardGraphicsGraphics
i7 4930k @ 4.6Ghz MSI X79A-GD45 Plus PNY GTX 780 XLR8 Enthusiast Edition PNY GTX 780 XLR8 Enthusiast Edition 
RAMHard DriveHard DriveHard Drive
32GB Samsung 30nm RAM (8x4GB) 240GB Seagate SSD (Windows 8.1) 120GB Samsung 840 Pro (Fedora Linux) 120GB PNY XLR8 SSD (Steam) 
Optical DriveCoolingOSMonitor
HP DVD Writer 1070r Corsair H100i Windows 8.1 Pro x64 Planar SA2311W (120HZ) 
MonitorKeyboardPowerCase
ASUS VG248QE (144HZ) CM Storm QuickFire Pro Antec TruePower New 750w Corsair 200R 
MouseAudio
SteelSeries Xai ASUS Xonar DX 
  hide details  
Reply
post #6 of 9
Thread Starter 
vBulletin all over again.I remember back in November (sic) their statement in another accident.
Quote:
Given our analysis of the evidence provided by the Inject0r team, we do not believe that they have uncovered a 0-day vulnerability in vBulletin. These hackers were able to compromise an insecure system that was used for testing vBulletin mobile applications. The best defense against potential compromises is to keep your system running on the very latest patch release of the software.
http://arstechnica.com/security/2013/11/password-hack-of-vbulletin-com-fuels-fears-of-in-the-wild-0-day-attacks/
Thank you Domino. thumb.gif
Edited by BigTree - 1/9/14 at 10:01am
post #7 of 9
I wonder just how insecure vBulletin is. It's not like they have many other options. The only other good forum software is IPB. Then you have SMF and phpBB which are free but aren't that great.
Deimos (G4.P)
(18 items)
 
 
Arcturus (G4.S)
(9 items)
 
CPUMotherboardGraphicsRAM
Intel i7 5930K @ 4.3 Ghz ASUS X99 Deluxe II eVGA Titan X SC (1420/3900) 64GB Corsair Vengeance DDR4/2800 
Hard DriveHard DriveHard DriveCooling
Intel 750 400GB Samsung 850 Pro 512GB Samsung 850 Evo 1TB HEATKILLER IV PRO CPU Block 
CoolingOSMonitorKeyboard
HEATKILLER IV XL GPU Block Windows 8.1 Pro Dell P2715Q Corsair K95 RGB 
PowerCaseMouseAudio
Corsair AX860i Silverstone Fortress 2 Silver eVGA TORQ X10 Carbon Denon AVR-S510BT 
AudioAudio
JBL Studio 530 Dayton SUB-120 
CPUMotherboardGraphicsRAM
Intel i5 4670k @ 4.0 Ghz ASUS Z87-PRO eVGA Titan X SC (1435/4000) 32GB Corsair Vengeance DDR3/2400 
Hard DriveHard DriveCoolingOS
Samsung 850 Evo 1TB Samsung 850 Pro 512GB Noctua NH-U14S Windows 8.1 Pro 
MonitorKeyboardPowerCase
Dell P2415Q 24" 4K Display Corsair K90 RGB (MX Brown) SeaSonic M12II 850W SilverStone FT02S-W 
MouseMouse PadAudioAudio
eVGA Torq X10 Carbon eVGA Torq X10 Pad JBL Studio 530 Dayton SUB-120 12" Subwoofer 
CPUMotherboardRAMHard Drive
Intel Xeon D-1521 Supermicro X10SDV-4C-TLN2F 64GB Corsair Vengeance DDR4/2133 Samsung 850 Evo 500GB 
Hard DriveCoolingOSPower
Samsung 850 Evo 1TB bequiet! Silent Wings 2 120mm Windows Server 2016 Datacenter Corsair SF450 
Case
Fractal Design Node 202 
  hide details  
Reply
Deimos (G4.P)
(18 items)
 
 
Arcturus (G4.S)
(9 items)
 
CPUMotherboardGraphicsRAM
Intel i7 5930K @ 4.3 Ghz ASUS X99 Deluxe II eVGA Titan X SC (1420/3900) 64GB Corsair Vengeance DDR4/2800 
Hard DriveHard DriveHard DriveCooling
Intel 750 400GB Samsung 850 Pro 512GB Samsung 850 Evo 1TB HEATKILLER IV PRO CPU Block 
CoolingOSMonitorKeyboard
HEATKILLER IV XL GPU Block Windows 8.1 Pro Dell P2715Q Corsair K95 RGB 
PowerCaseMouseAudio
Corsair AX860i Silverstone Fortress 2 Silver eVGA TORQ X10 Carbon Denon AVR-S510BT 
AudioAudio
JBL Studio 530 Dayton SUB-120 
CPUMotherboardGraphicsRAM
Intel i5 4670k @ 4.0 Ghz ASUS Z87-PRO eVGA Titan X SC (1435/4000) 32GB Corsair Vengeance DDR3/2400 
Hard DriveHard DriveCoolingOS
Samsung 850 Evo 1TB Samsung 850 Pro 512GB Noctua NH-U14S Windows 8.1 Pro 
MonitorKeyboardPowerCase
Dell P2415Q 24" 4K Display Corsair K90 RGB (MX Brown) SeaSonic M12II 850W SilverStone FT02S-W 
MouseMouse PadAudioAudio
eVGA Torq X10 Carbon eVGA Torq X10 Pad JBL Studio 530 Dayton SUB-120 12" Subwoofer 
CPUMotherboardRAMHard Drive
Intel Xeon D-1521 Supermicro X10SDV-4C-TLN2F 64GB Corsair Vengeance DDR4/2133 Samsung 850 Evo 500GB 
Hard DriveCoolingOSPower
Samsung 850 Evo 1TB bequiet! Silent Wings 2 120mm Windows Server 2016 Datacenter Corsair SF450 
Case
Fractal Design Node 202 
  hide details  
Reply
post #8 of 9
Quote:
Originally Posted by SchmoSalt View Post

I wonder just how insecure vBulletin is. It's not like they have many other options. The only other good forum software is IPB. Then you have SMF and phpBB which are free but aren't that great.
XenForo?
Piji
(16 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i5 4460 Gigabyte H97-D3H EVGA GeForce GTX 960 SuperSC ACX 2.0+ Kingston HyperX Fury 1866MHz 16GB 
Hard DriveHard DriveOptical DriveCooling
Samsung 840 EVO 250GB WD Caviar Green 1TB Pioneer DVR-S21FXV Noctua NH-U12S 
OSMonitorKeyboardPower
Windows 10 Pro x64 SAMSUNG P2270 Logitech K400 ENERMAX NAXN 450W 
CaseMouseMouse PadAudio
ENERMAX Clipeus ECA3210A Logitech Performance MX GIGABYTE PreSonus FireBox 
  hide details  
Reply
Piji
(16 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i5 4460 Gigabyte H97-D3H EVGA GeForce GTX 960 SuperSC ACX 2.0+ Kingston HyperX Fury 1866MHz 16GB 
Hard DriveHard DriveOptical DriveCooling
Samsung 840 EVO 250GB WD Caviar Green 1TB Pioneer DVR-S21FXV Noctua NH-U12S 
OSMonitorKeyboardPower
Windows 10 Pro x64 SAMSUNG P2270 Logitech K400 ENERMAX NAXN 450W 
CaseMouseMouse PadAudio
ENERMAX Clipeus ECA3210A Logitech Performance MX GIGABYTE PreSonus FireBox 
  hide details  
Reply
post #9 of 9
Quote:
Originally Posted by SchmoSalt View Post

I wonder just how insecure vBulletin is. It's not like they have many other options. The only other good forum software is IPB. Then you have SMF and phpBB which are free but aren't that great.

You forgot MyBB. Probably the best alternative, its free and has the best performance of the three.
The Little Li
(18 items)
 
  
CPUMotherboardGraphicsRAM
Core i5 2500K @ 4.7 Ghz ASUS Maximus IV GENE-Z MSI 1080ti Gaming X 16 GB PNY Anarchy 1866 Mhz 
Hard DriveHard DriveHard DriveOptical Drive
Crucial 250 GB M200 1 TB 7200 RPM WD Black 3 TB WD Red Pioneer Blu-Ray Burner 
CoolingOSMonitorKeyboard
Noctua NH-C14S | 120mm Noctua Reduxes Windows 10 64 Bit Samsung 34" 21:9 CF791 CM Storm QuickFire MX-Browns 
PowerCaseMouseAudio
Corsair HX850 Lian Li A04B Logitech G602 Onboard 
Other
Phillips Fidelio X2 | Klipsch ProMedia 2.1's 
  hide details  
Reply
The Little Li
(18 items)
 
  
CPUMotherboardGraphicsRAM
Core i5 2500K @ 4.7 Ghz ASUS Maximus IV GENE-Z MSI 1080ti Gaming X 16 GB PNY Anarchy 1866 Mhz 
Hard DriveHard DriveHard DriveOptical Drive
Crucial 250 GB M200 1 TB 7200 RPM WD Black 3 TB WD Red Pioneer Blu-Ray Burner 
CoolingOSMonitorKeyboard
Noctua NH-C14S | 120mm Noctua Reduxes Windows 10 64 Bit Samsung 34" 21:9 CF791 CM Storm QuickFire MX-Browns 
PowerCaseMouseAudio
Corsair HX850 Lian Li A04B Logitech G602 Onboard 
Other
Phillips Fidelio X2 | Klipsch ProMedia 2.1's 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Software News
Overclock.net › Forums › Industry News › Software News › [theregister] OpenSUSE forums hacked in ANOTHER vBulletin attack