Slashdot Mirror


OpenSUSE Forums Defaced, Email Addresses Leaked

sfcrazy writes "The openSUSE Forums were hijacked yesterday. An alleged Pakistani hacker who goes by the handle H4x0r HuSsY reportedly exploited a vulnerability in the vBulletin 4.2.1 software SuSE uses to host the forum. vBulletin is a proprietary forum software. The openSUSE team notes that user passwords were not compromised. 'Credentials for your openSUSE login are not saved in our application databases as we use a single-sign-on system (Access Manager from NetIQ) for all our services. This is a completely separate system and it has not been compromised by this crack. What the cracker reported as compromised passwords were indeed random, automatically set strings that are in no way connected to your real password.' It's shocking to learn that SUSE/openSUSE are using proprietary forum software vBulletin as well as a proprietary single sign-on solution." SuSE was using vBulletin 4.x, which has no known fix for the security hole, and they are leaving the forums offline for now. It seems likely they'll be upgrading to the 5.x series.

3 of 82 comments

  1. Ugh, not "a software" again by jabberw0k · Score: 4, Funny

    vBulletin is a proprietary forum software.

    No, vBulletin is a software package, or a program, or even "vBulletin is software" -- but never "a software." You don't have "a hardware" or "an information" or "a clothing" -- you have a piece of hardware, a piece of information, a piece of clothing, and a piece of software. Grammar check, please.

  2. Re:Shocked that a company uses a product? by MechanicJay · Score: 4, Informative

    Access Manager is an extremely capable enterprise-class single-sign-on product (it's the current incarnation of Novell's iChain SSO product). I'm using it here to protect about 30+ backed web-applications. I can do access restrictions based on LDAP group memberships, inject identity information in HTTP headers, do behind-the-scenes form-fill login for applications that wouldn't know what SSO was if it fell on them, and so much more. Currently just finished a RADIUS server integration for 2-factor auth. It's one of the two best pieces of enterprise software I've ever used. (Riverbed's Stingray appliance being the other).

  3. Shocking? by Dcnjoe60 · Score: 4, Informative

    It's shocking to learn that SUSE/openSUSE are using proprietary forum software vBulletin as well as a proprietary single sign-on solution.

    While vBulletin isn't under GPL, it is pretty liberal. You get the source code, you can modify and compile the source code, you may not redistribute it or remove the copyright notices. So, technically while not open source, your real limitation is in being allowed to redistribute it (not removing copyright is part of GPL, too).