Slashdot Mirror

← Back to Stories (view on slashdot.org)

Novell OpenSUSE Server Hacked

Posted by ryuzaki0 on from the hate-when-that-happens dept.

abelikoff writes "Both LinuxWorld Australia and SuSE Linux Forums report that OpenSUSE website got hacked last night." This story was submitted quite a number of times.

29 of 329 comments (clear)

  1. Don't blame LINUX by Work+Account · · Score: 2, Insightful

    People always try to blame the software right away but usually it's poor administration.

    Linux is near-flawless in terms of security.

    --

    If you "get" pointers add me as a friend (116)!
    1. Re:Don't blame LINUX by Anonymous Coward · · Score: 2, Insightful

      "Linux is near-flawless in terms of security."

      so it could have been a linux flaw...
      buy you're right, on most pc's the weakest link is the user...

    2. Re:Don't blame LINUX by grub · · Score: 5, Insightful


      Linux is near-flawless in terms of security.

      You don't follow security mailing lists, do you? Most Linux distros have decent security but "near-flawless"?

      --
      Trolling is a art,
    3. Re:Don't blame LINUX by Anonymous Coward · · Score: 1, Insightful

      Could very well be poor setup/administration, you have a point!

      I have to note, I have not read the original article yet, so you may be 'spot-on' & it may note the very thing you point out. It usually is the case.

      However, you also cannot fully discount this, or problems like it, might actually be some completely NEW problem found in Linux itself, or rather, this particular distro (this goes for MS &/or Apple wares as well, not just Linux/Unix/BSD etc.)!

      (Man, because this happens ALL the time (browsers, apps, OS' & such of all types)... it's a real pain-in-the-A$$, but a fact of life today. One with SOME GOOD SIDES TO IT THOUGH, in that it points out flaws that may exist since someone used some particular method of penetration & it's now known if it was not before!)

      APK

      P.S.=> What 'spooks me'? Isn't the ones that are known, or found & exposed publicly (to get either MS, apple, or the numerous Linux vendors off their butts to do something about it etc. if needed)... but, the ones that do NOT talk about it period, & utilize vulnerabilities 'secretly', never publicly noting their methods (be they OS vulnerabilities, or apps like browsers etc.)... they're the TRUE danger imo... apk

      APK

    4. Re:Don't blame LINUX by Anonymous Coward · · Score: 1, Insightful

      Yeah.. I guess those various Kernel level vulns I've patched over the years didn't exist.

      Near flawless my ass.

    5. Re:Don't blame LINUX by Anonymous Coward · · Score: 1, Insightful

      If the system makes it hard to secure, then it's not particularly effective.

    6. Re:Don't blame LINUX by ScrewMaster · · Score: 4, Insightful

      The problem comes in when you are, yourself, an OS vendor. It's really hard (from a marketing/PR perspective) to have your site run a BSD when you happen to sell a major Linux distro. Or have a major online service you bought run Solaris when you happen to make Windows, for that matter. Customers (and potential customers) will rightfully wonder why you don't have confidence in your own product.

      --
      The higher the technology, the sharper that two-edged sword.
    7. Re:Don't blame LINUX by _Sprocket_ · · Score: 2, Insightful

      Yes, it is the same flaw. But don't worry. I understand that with all the new work in pricing schemes, DRM, aggressive disregard for industry changes, etc Microsoft will be eliminating a large number of users (and thus Admins), thus creating a much more secure Windows environment.

  2. *sigh* by the-amazing-blob · · Score: 5, Insightful

    I still will never understand why people do stupid things like hack websites.

    1. Re:*sigh* by jupiter909 · · Score: 5, Insightful

      Hacking websites is not stupid. It's proof of concept. It is often good when people hack/crack things, it forces for tighter control and security. If not for people hacking and cracking things we would not have things such as online shopping and ssh encrpytion etc. It is all part of a never ended life cycle. More often than not it is poor management/admin than the software/systems themselves. Human error.

    2. Re:*sigh* by the-amazing-blob · · Score: 4, Insightful

      But if nobody hacked anything, there wouldn't be a need for better security.

      I'm too idealist for my own good.

    3. Re:*sigh* by gowen · · Score: 2, Insightful

      You know, murders are good too, because they encourage us to employ smarter policemen and develop better forensic science.

      --
      Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
  3. How does this help ? by Anonymous Coward · · Score: 4, Insightful

    How does hacking this website help to put your voice ? Other than geeks, how many people check that website. If they had hacked CNN or BBC, it would have been noticed significantly. Soon this would go into oblivion. Makes me wonder what has nuclear progam to do with open source linux ?

    1. Re:How does this help ? by WindBourne · · Score: 2, Insightful

      Because, this will make the regular news. That will include CNN, and BBC.

      Why? because it does not happen often to a major linux site. It would be like having millions stolen from a site that runs a none Windows such as a unix site. It will make news just because it is none windows.

      --
      I prefer the "u" in honour as it seems to be missing these days.
  4. how rude..... by The_Candyman · · Score: 2, Insightful

    Of corse this had to happen just a few days before OpenSuSe released the latest version 10.0 final. Now I'm assuming that there will be a delay there to make sure nobody added any "extra" software. I've been waiting for it to come out since I tried beta 1 of 10.0.

  5. Don't Blame Windows by Anonymous Coward · · Score: 3, Insightful

    People always try to blame the software right away but usually it's poor administration.

    1. Re:Don't blame WINDOWS by Anonymous Coward · · Score: 1, Insightful

      People always try to blame the software right away but usually it's poor administration.

      Windows is near-flawless in terms of security.

      That's about as true as your comment, yet I don't hear a lot of that said around here.

      Next time you want to post how Linux is "near-flawless", why don't you take a breath, not post it (because somebody else is sure to), and then, the next time a Windows hack story comes up, not post in that story either (because somebody else is sure to)?

      The end result will be a greater signal:noise ratio, less hypocrisy, and your abstinence in both cases cancel each other out in terms of bias.

  6. Re:Oh sweet sweet irony... by $RANDOMLUSER · · Score: 2, Insightful

    The point is, it was a Suse website, running Suse that got hacked.
    If a Microsoft windows 2003 site, running Windows 2003 was the victim, then yeah, I think it would make the front page.

    --
    No folly is more costly than the folly of intolerant idealism. - Winston Churchill
  7. Re:ssh scan by schon · · Score: 3, Insightful

    Why the hell do they allow root logins over SSH in the first place?

    Any security admin worth their salt would have turned this off when it was installed - not to reduce break-ins (although it does help mitigate a weak root password), but to provide an audit trail for people who are allowed to use root.

    *sigh*

  8. Re:Rights or not by Halfbaked+Plan · · Score: 3, Insightful

    Probably, if he hacks an Arabic site and plans to blather on the pages, he'll have a competent Arabic speaker help compose the text. Really, that's the point.

    --
    resigned
  9. Re:Rights or not by klykken · · Score: 5, Insightful

    You might have confused the Arabic language with the Persian language (Farsi). They share the same alphabet but are entirely different.

    --
    Looks like a fish, drives like a fish, steers like a cow.
  10. Practical upshot? Am I safe? by thc69 · · Score: 3, Insightful

    Pardon my obvious post-placement, trying to get this near the top and visible, but I suspect this is an important question for people to see, assuming answers are posted:

    What is the practical upshot of all this? Is the damage limited to the "Give us nuclear rights" web defacement, or was that just a front to make people think nothing else was damaged?

    I'm running SuSe 9.3, and this morning, I let the automated update program do it's thing. Did I download and install any breached files?

    TFA don't say anything. One is dead already, and the other is useless.

    I mean, I understand that there's a lot to discuss regarding security policies and server operating systems, but there are people who could be immediately affected here.

    --
    Procrastination -- because good things come to those who wait.
    1. Re:Practical upshot? Am I safe? by darco · · Score: 2, Insightful

      > Because it is not a good source of energy in its present state.

      That would explain why the French and Japanese have abandoned it.

      Nuclear power is orders of magnitude safer than it was decades ago. I'd much rather have a source of energy with a waste that I can dispose of in a controlled fashion rather than one which pours pollutants into the air we breathe. The only reason we don't use more nuclear energy here in the US is because of politics, not science or practicality.

      Not to say anything about Iran having nuclear capability. I'll pass speculating on that hot-potato.

      --
      — darco
    2. Re:Practical upshot? Am I safe? by _Sprocket_ · · Score: 3, Insightful

      Way to hijack a conversation. :P

      Your call for isolationism has a certain appeal. I'm generally a believer that far too many people are overly concerned with whats going on in their neighbor's yard. However, isolationism is not a panacea. Interestingly enough, the US' involvement in the Middle East began within decades of the formation of the US in the form of the Barbary Wars even though the new US Government often expressed a belief in isolationism. Yet they soon discovered that the US interacted in the world around them and could not be separate from it.

      That's not to say that the US hasn't managed periods of isolationist policies. US history shows some remarkable stretches of isolationism. But such policies only served to create the hardest lesson in recent US history - World War II. The cost associated with World War II was only increased by attempts to limit direct involvement of the US in what was viewed to be an European affair (although Europeans themselves also contributed with their own reluctance to act).

      World War II leads directly in to the Cold War and the US' attempts to curtail Soviet influence. And perhaps that is where the US commits the sins we will be paying for today and tomorrow. Although I find it rather interesting that when critics of US policy point to various fumbles and embarrassments, they fail to note Soviet involvement. Which isn't to say that the US is excused for their actions - but rather some perspective would provide a better understanding of why things were done.

      So does the US have a "right" to dictate to others what they can and can not do? Hardly. There is such a thing as a sovereignty. But to claim that the US should have no involvement in the world around it is simply setting up the US to become victim to the day when its people and shores are under attack. I hate to sound anything like the Bush Administration. Yet there are certainly others who have less qualms about rights than the US. And history shows how that turns out for anyone who ignores it.

      On Iraq, I mostly agree. The current Administration's handling of the situation is unsettling, to say the least. There seems to be a certain degree of willful ignorance and a lack of understanding and planning that shows itself not only in foreign policy, but domestic policy too.

      However, Iraq was bound to happen. While critics of the Bush Administration are, more or less, right to criticize the reasoning given for this war - they tend to gloss over the fact that the Iraq war comes at an end of a CEASE FIRE agreed to in the early '90s. No folks, this is not a new thing; US military personnel have been in the region maintaining vigilance for over a decade without daily CNN coverage. That entire time is under a state of war. And during that time, Saddam willfully defied UN mandates and conditions of that cease fire agreement.

      Yet Saddam was probably not intended to stay in power. The Senior Bush was wise enough to not completely dismantle the world's fourth largest standing army, and create a vacuum for neighboring influence (such as Iran). And it was probably wise to try and void the troubles we are facing today by giving the Iraqi people a chance to handle Saddam themselves. But Saddam is exceptionally gifted at survival (and also ruthlessly brutal). It would take direct involvement to remove Saddam's regime after all.

      There might be a slim chance that the Iraqi government to be will become a secular democracy, with enough economic power behind it to flourish. There are possible echoes of Germany and Japan. But the reality is that the odds are against this happening. Partly due to external influences. And (arguably) largely due to the planning of the Bush Administration.

      What about Iran? I don't find it too surprising that Iran's intentions meet a certain degree of skepticism. It seems odd that Iran's quest for energy would have to involve a process that can be directly applied to acquiring massively powerful weapons when it is itself the World's fourth largest producer of fossil fuel (right behind the US - Iraq is at 14th) as well as having ample opportunity to develop other alternative (and less dangerous) alternative energy systems.

  11. Not Good for Iran by KidSock · · Score: 4, Insightful

    Dear Hackers,

    If you're going to hack websites, don't try to justify your idiotic hobby by turning it into a political posterboard. It has the opposite effect you're looking for. The thing that scares people most is unpredictable behavior. If Iran were calm, clear in stating there intentions, and followed all the diplomatic protocols with a smile there would be no way for anyone to stop them from builting reactors (wheather it be for processing fuel for weapons or not). But stupid stuff like this make Iranians look like evil subversives. Just look at the graphic they posted. It looks like the shadow of some kind of daemon with horns. This is not a good image for Iran.

    Or if it's a different group impersonating iranians, you're just losers.

  12. near-flawless? by nurb432 · · Score: 3, Insightful

    No modern OS is flawless. Due to feature creep and the massive amounts of code involved, none can really be considered 'near flawless'. ( agreed, some are better then others )

    Its the job of the administrators to mitigate and compensate for known, and unknown, security flaws.

    --
    ---- Booth was a patriot ----
  13. Re:ssh scan by VStrider · · Score: 2, Insightful

    and last but not least

    3. install a port knocking daemon, like fwknop, or knockd

    --
    VStrider.
  14. Re:As you can see by LnxAddct · · Score: 5, Insightful

    It's a little worse than that. The IHS guys aren't just script kiddies, their lead guy's blog is here. He is apparently very active in writing exploits and gives code to all of them. He was just accepted into a university, but worse, one of his blog entries is about how he likes slackware and is trying to write some code to help the project out. Now I don't know about you, but I find that suspicious as hell. Unless someone goes over every line of code submitted with a magnifying glass than it can be fairly easy to sneak in a little area for a buffer overflow or something. (Preventive measures like SELinux and exec-shield are necessary and even they don't fully solve the problem). I can only hope that the slackware community does decent background checks on submitters, and also good code checking. The last thing we need is for Open Source to start being purposely made vulnerable and attacked from within.
    Regards,
    Steve

  15. Re:They have a website by Halvy · · Score: 1, Insightful

    The Bush Administration is working on that

    The bush admin days are numbered...

    As is anyone who supports their murdering ways.

    --
    I will gladly loose all of life's battles.. in order to win the war..