Slashdot Mirror
Novell OpenSUSE Server Hacked
abelikoff writes "Both LinuxWorld Australia and SuSE Linux Forums report that OpenSUSE website got hacked last night." This story was submitted quite a number of times.
← Back to Stories (view on slashdot.org)
People always try to blame the software right away but usually it's poor administration.
Linux is near-flawless in terms of security.
If you "get" pointers add me as a friend (116)!
I still will never understand why people do stupid things like hack websites.
They could just run OpenBSD.
How does hacking this website help to put your voice ? Other than geeks, how many people check that website. If they had hacked CNN or BBC, it would have been noticed significantly. Soon this would go into oblivion. Makes me wonder what has nuclear progam to do with open source linux ?
The Iranian hackers should first learn English. I was banging my head on the table reading that grammatically incorrect junk.
Of corse this had to happen just a few days before OpenSuSe released the latest version 10.0 final. Now I'm assuming that there will be a delay there to make sure nobody added any "extra" software. I've been waiting for it to come out since I tried beta 1 of 10.0.
The US and EU better let Iran develop a nuclear energy program or these senseless acts of web terrorism will never stop!
http://wiki.novell.com/
Site is currently down.
People always try to blame the software right away but usually it's poor administration.
Was this a targeted attack? Did they just fall victim to a script? Unpatched vulnerability? Weak password? what? Im just asking cause none of the links provided answer this.
If something exists that does not need a creator (god) then why must the cosmos need one?
I see these attacks all the time on all Internet facing servers.
There are two kinds of sysadmins: paranoids and losers. I'm both kinds.
The LinuxWorld Australia story is actually about an earlier break-in of a Novell system that was being used for World of Warcraft related stuff, not the OpenSUSE site at all.
Steven
If it was a website about Linux, it probably wouldn't even need to be hacked to make the front page of /. if it was running Windows
The open SuSE website wasnt hacked, it was a damn gamming machine they had on their network.
From TFA:
"The employees that set it up apparently had no idea of security," Brandon said. "But what is really surprising is that Novell would allow employees to set up game servers on their corporate network and then allow the public to access it."
"There was no major breach of security here," Barney said. "Needless to say, we are taking the appropriate steps" to address the situation.
TruePunk | Games
The point is, it was a Suse website, running Suse that got hacked.
If a Microsoft windows 2003 site, running Windows 2003 was the victim, then yeah, I think it would make the front page.
No folly is more costly than the folly of intolerant idealism. - Winston Churchill
Your logic and reason are not welcome here.
This would not have happened if the people at Novell had used Ubuntu Linux. :)
Linux Help
for all things on Linux
Don't you mean ./t3h_l33t_5cr1pxx0r?
No, it wouldn't. People would get pissed about having to dig through 100000 stories of "Yet another cheesy Windows server hacked" until they found a real story.
Speaking from personal experience, 85% of all hacks come from poor administration. ie. not patching flaws, weak passwords, poor security measure such as file permissions and lack of firewalls. The remaining 15% come from a mixture of things, and like it or not, 14.999% of that is Windows. Security through obscurity doesn't work when you have thousands of people pounding at your code just trying to find a way in.
All these Worms on the net is a perfect example. And when you get down to it, even some of the poor administration is Microsoft's fault for making it "so easy you don't need an experienced technician...." When in fact they bury stuff so deep unless you know where it is, the necessary changes don't get made leaving everything as default.
I can't even begin to count how many times I've gone to a customer's location where they had an employee that was a self proclaimed geek that did all the setup and everything was not only wrong, it opened gaping holes on their network. Including things like having a USER logging in as Administrator on the server and using it as a workstation.
Plus I won't go into all the people who hold an MCSE that never touched a computer until they went to a 2 week bootcamp on how to pass the tests.
But, point in fact, any closed source application is subject to flaws that don't get patched because it's a small enough flaw that putting a programmer on it to fix it would cost more than keeping the flaw hidden.
the hacker team has a website to add to that, its likely being hosted in iran so no one can do jack shit
Viable Slashdot alternatives: https://pipedot.org/ and http://soylentnews.org/
The OpenSuSE server has been sucking wind for weeks, and i know for a fact that trouble tickets have been submitted about it within Novell.
Maybe they were just trying to lend a hand with the administration . . . .
This is just like television, only you can see much further.
He is a movie fan and was just accepted to a university.
Some bits of information can be found here:3 90/
http://www.zone-h.org/en/defacements/view/id=2917
Besides the OpenSuSE website they also hacked into wiki.novell.com and forge.novell.com.
Too bad that the Iranian hackers used OpenSuSE for their political stuff. It seems a bit misplaced, what does a linux distribution has to do with the question whether Iran should have nuclear stuff or not?
I had told novell not to run their websites on Windows OS. They wont listen. See now
Pardon my obvious post-placement, trying to get this near the top and visible, but I suspect this is an important question for people to see, assuming answers are posted:
What is the practical upshot of all this? Is the damage limited to the "Give us nuclear rights" web defacement, or was that just a front to make people think nothing else was damaged?
I'm running SuSe 9.3, and this morning, I let the automated update program do it's thing. Did I download and install any breached files?
TFA don't say anything. One is dead already, and the other is useless.
I mean, I understand that there's a lot to discuss regarding security policies and server operating systems, but there are people who could be immediately affected here.
Procrastination -- because good things come to those who wait.
Dear Hackers,
If you're going to hack websites, don't try to justify your idiotic hobby by turning it into a political posterboard. It has the opposite effect you're looking for. The thing that scares people most is unpredictable behavior. If Iran were calm, clear in stating there intentions, and followed all the diplomatic protocols with a smile there would be no way for anyone to stop them from builting reactors (wheather it be for processing fuel for weapons or not). But stupid stuff like this make Iranians look like evil subversives. Just look at the graphic they posted. It looks like the shadow of some kind of daemon with horns. This is not a good image for Iran.
Or if it's a different group impersonating iranians, you're just losers.
Allowing "users" to setup their own box, on your network, outside your firewall, using your IP address IS a breach of security.
No modern OS is flawless. Due to feature creep and the massive amounts of code involved, none can really be considered 'near flawless'. ( agreed, some are better then others )
Its the job of the administrators to mitigate and compensate for known, and unknown, security flaws.
---- Booth was a patriot ----
let me guess, iptables not enabled, no firewall service up, no bfd, SSH was up unfiltered and the root pass was a 3 letter word like god, to quote the movie "hackers" with angelina jolie. Hack the gibson. Hack the planet. Go Iran. Just kidding.
Alot of people are reluctant to use a firewall, even though you can easily do it with SuSE and YaST2.
I have the pay version of SuSE9.3 Pro, which is well worth the $99 price tag.
I mostly run fedora core boxes though, and this is a really good alternative to other iptables interfaces.
http://www.webhostgear.com/60.html
http://www.webhostgear.com/61.html
Get yourself those, make sure non of your dir's are 777, have strong 20+ char long passwords, don't RPM fetch from shady repositories, and you're on your way!
I think it is time for the open source community, as a whole, to better consider its public image. Incidents like this, involving one of the premiere Linux vendors, do unfortunately tarnish the image of our community quite badly. And then you have rogue open source developers publically insulting users. Such incidents make people remember open source software for all the wrong reasons.
Now, perhaps this is just a case of amateurs being allowed to join a community that mainly consisted of academics and professionals. The high standards that the open source community once enjoyed are being degraded on a daily basis by developers who cannot write secure code (ie. many PHP developers), by developers who blatantly insult and ridicule their users (ie. the KOffice example earlier in this post), or companies that provide insecure, open source-based products.
Is there much that can be done about this? I'm not sure.
Cyric Zndovzny at your service.
It's not being hosted in Iran. It's hosted in the US by Virtuoso Net Solutions inc. I sent this email to abuse@virtuosonetsolutions.com yesterday about 7 PM (I sent them my real info, obviously):
Dear Sir/Madam:
The OpenSuSE website was defaced either today or yesterday by an Iranian
hacker clan whose website is located on your servers. I checked the
whois data for the hacker clan's domain (ihsteam.com):
Majid NT
Bl Sajjad-milad 7 no. 12
Mashhad 8735452575
Iran
IP of the website (according to whois records of the ip, it is owned by
your company):
147.202.64.138
References:
http://www.opensuse.org/
http://www.ihsteam.com/
In case the sites above have been changed, I've attached an compressed
archive saves of their main pages. I hope you'll see that ihsteam.com
is in direct violation of your AUP.
Sincerely,
Name
Phone
Email
They haven't replied yet, and the website is still up. But it IS a weekend.
I pretend to know more than I really do by mooching off google and wikipedia.
might wanna work on your syntax a bit before posting suggestions like that.my machine responds with: PermitRootLogin ermitRootLogin no /etc/ssh/sshd_config now with something like: echo "PermitRootLogin no" >> /etc/ssh/sshd_config maybe you'll get the job done. but then again, maybe not.
It's a little worse than that. The IHS guys aren't just script kiddies, their lead guy's blog is here. He is apparently very active in writing exploits and gives code to all of them. He was just accepted into a university, but worse, one of his blog entries is about how he likes slackware and is trying to write some code to help the project out. Now I don't know about you, but I find that suspicious as hell. Unless someone goes over every line of code submitted with a magnifying glass than it can be fairly easy to sneak in a little area for a buffer overflow or something. (Preventive measures like SELinux and exec-shield are necessary and even they don't fully solve the problem). I can only hope that the slackware community does decent background checks on submitters, and also good code checking. The last thing we need is for Open Source to start being purposely made vulnerable and attacked from within.
Regards,
Steve
Just a note. Anything can be hacked given enough patience, enough time, enough resources, and enough basic knowledge. There is no such thing as a 100% secure system, unless you are talking about a system that has been unplugged, encased in concrete, and sunk to the bottum of the ocean. Even then, I wouldn't be too sure. In other words, best that can be done is to make it a challenging thing to do. There is no system that cannot be penetrated by a talented hacker. This one, evidentally, from what I've read, was fairly talented...not your average script kiddie.
So lay off alright?
It's a reasonable question to ask.
Yes, fundamentally it's true that configuration management has a significant effect on security. To be precise, this is not a flaw, but a characteristic. A site which is in full control of system configuration will have formal security advantages over one which isn't, and this is universally true regardless of platform.
However, the story is told from a much different perspective when it comes to evaluating the security of a given platform. Configuration remains a major factor in security, but it has to be weighed in light of platform capability. So, for example, a very simple network appliance with a very small configuration space has the prospect of being very secure. An ideal appliance cannot be configured insecurely. In practice, that may or not be the case, depending as always on design tradeoffs and correctness of implementation.
Apart from pure appliances, all computing platforms must, for reasons of generality, offer configuration possibilities that put some security tradeoffs in the hands of site administrators. Such is the case for both Linux and Windows, so indeed poor administration can always result in poor security on a sufficiently general platform.
The practical focus, therefore, has turned to how securely these platforms are configured by default. Interestingly, even though Windows is marketed for nonexpert use, it has a long tradition of being configured insecure by default, exactly the opposite of what would be appropriate for a nonexpert market. It also, in my opinion, embodies a lot of fundamentally insecure design tradeoffs, neglecting principles such as modularity, containment, and least privilege, for example. These are extremely deep design problems, not easily fixed.
Linux and Unix, although designed by developers for developers, and therefore intended for expert use, have a record of delivering much better security by default. I can think of lots of particular exceptions, but they have tended to be minor design tradeoffs that could be, and were, easily corrected. Security incident statistics seem to reinforce these observations very strongly.
In my line of work, I get to see what goes on behind the scenes at a lot of sites. It's not often that I come upon a site which is not suffering to some significant degree from a chronic neglect of configuration management. All discussion of platform characteristics aside, this is a real problem on the ground for security.
The issue, in terms of value for effort, then becomes to identify which of these sites is (a) at most immediate risk, and (b) has the best potential of improvement. In the former case, I find that the answer is Windows, and in the latter, it's Linux.
Parity: What to do when the weekend comes.