Slashdot Mirror
Novell OpenSUSE Server Hacked
abelikoff writes "Both LinuxWorld Australia and SuSE Linux Forums report that OpenSUSE website got hacked last night." This story was submitted quite a number of times.
← Back to Stories (view on slashdot.org)
I still will never understand why people do stupid things like hack websites.
They could just run OpenBSD.
How does hacking this website help to put your voice ? Other than geeks, how many people check that website. If they had hacked CNN or BBC, it would have been noticed significantly. Soon this would go into oblivion. Makes me wonder what has nuclear progam to do with open source linux ?
The Iranian hackers should first learn English. I was banging my head on the table reading that grammatically incorrect junk.
Linux is near-flawless in terms of security.
You don't follow security mailing lists, do you? Most Linux distros have decent security but "near-flawless"?
Trolling is a art,
The US and EU better let Iran develop a nuclear energy program or these senseless acts of web terrorism will never stop!
Was this a targeted attack? Did they just fall victim to a script? Unpatched vulnerability? Weak password? what? Im just asking cause none of the links provided answer this.
If something exists that does not need a creator (god) then why must the cosmos need one?
I see these attacks all the time on all Internet facing servers.
There are two kinds of sysadmins: paranoids and losers. I'm both kinds.
The LinuxWorld Australia story is actually about an earlier break-in of a Novell system that was being used for World of Warcraft related stuff, not the OpenSUSE site at all.
Steven
Isn't this the same flaw Windows has?
The open SuSE website wasnt hacked, it was a damn gamming machine they had on their network.
From TFA:
"The employees that set it up apparently had no idea of security," Brandon said. "But what is really surprising is that Novell would allow employees to set up game servers on their corporate network and then allow the public to access it."
"There was no major breach of security here," Barney said. "Needless to say, we are taking the appropriate steps" to address the situation.
TruePunk | Games
Your logic and reason are not welcome here.
No, it wouldn't. People would get pissed about having to dig through 100000 stories of "Yet another cheesy Windows server hacked" until they found a real story.
Speaking from personal experience, 85% of all hacks come from poor administration. ie. not patching flaws, weak passwords, poor security measure such as file permissions and lack of firewalls. The remaining 15% come from a mixture of things, and like it or not, 14.999% of that is Windows. Security through obscurity doesn't work when you have thousands of people pounding at your code just trying to find a way in.
All these Worms on the net is a perfect example. And when you get down to it, even some of the poor administration is Microsoft's fault for making it "so easy you don't need an experienced technician...." When in fact they bury stuff so deep unless you know where it is, the necessary changes don't get made leaving everything as default.
I can't even begin to count how many times I've gone to a customer's location where they had an employee that was a self proclaimed geek that did all the setup and everything was not only wrong, it opened gaping holes on their network. Including things like having a USER logging in as Administrator on the server and using it as a workstation.
Plus I won't go into all the people who hold an MCSE that never touched a computer until they went to a 2 week bootcamp on how to pass the tests.
But, point in fact, any closed source application is subject to flaws that don't get patched because it's a small enough flaw that putting a programmer on it to fix it would cost more than keeping the flaw hidden.
The OpenSuSE server has been sucking wind for weeks, and i know for a fact that trouble tickets have been submitted about it within Novell.
Maybe they were just trying to lend a hand with the administration . . . .
This is just like television, only you can see much further.
Dear Hackers,
If you're going to hack websites, don't try to justify your idiotic hobby by turning it into a political posterboard. It has the opposite effect you're looking for. The thing that scares people most is unpredictable behavior. If Iran were calm, clear in stating there intentions, and followed all the diplomatic protocols with a smile there would be no way for anyone to stop them from builting reactors (wheather it be for processing fuel for weapons or not). But stupid stuff like this make Iranians look like evil subversives. Just look at the graphic they posted. It looks like the shadow of some kind of daemon with horns. This is not a good image for Iran.
Or if it's a different group impersonating iranians, you're just losers.
Allowing "users" to setup their own box, on your network, outside your firewall, using your IP address IS a breach of security.
I'm running SuSe 9.3, and this morning, I let the automated update program do it's thing. Did I download and install any breached files?
No. It was just the WiKi server that went down.
Don't fight for your country, if your country does not fight for you.
The problem comes in when you are, yourself, an OS vendor. It's really hard (from a marketing/PR perspective) to have your site run a BSD when you happen to sell a major Linux distro. Or have a major online service you bought run Solaris when you happen to make Windows, for that matter. Customers (and potential customers) will rightfully wonder why you don't have confidence in your own product.
The higher the technology, the sharper that two-edged sword.
I think it is time for the open source community, as a whole, to better consider its public image. Incidents like this, involving one of the premiere Linux vendors, do unfortunately tarnish the image of our community quite badly. And then you have rogue open source developers publically insulting users. Such incidents make people remember open source software for all the wrong reasons.
Now, perhaps this is just a case of amateurs being allowed to join a community that mainly consisted of academics and professionals. The high standards that the open source community once enjoyed are being degraded on a daily basis by developers who cannot write secure code (ie. many PHP developers), by developers who blatantly insult and ridicule their users (ie. the KOffice example earlier in this post), or companies that provide insecure, open source-based products.
Is there much that can be done about this? I'm not sure.
Cyric Zndovzny at your service.
It's a little worse than that. The IHS guys aren't just script kiddies, their lead guy's blog is here. He is apparently very active in writing exploits and gives code to all of them. He was just accepted into a university, but worse, one of his blog entries is about how he likes slackware and is trying to write some code to help the project out. Now I don't know about you, but I find that suspicious as hell. Unless someone goes over every line of code submitted with a magnifying glass than it can be fairly easy to sneak in a little area for a buffer overflow or something. (Preventive measures like SELinux and exec-shield are necessary and even they don't fully solve the problem). I can only hope that the slackware community does decent background checks on submitters, and also good code checking. The last thing we need is for Open Source to start being purposely made vulnerable and attacked from within.
Regards,
Steve