
Is it just me, or
Doesn't it seem odd that a Free Software vendor should persist in using a proprietary application with so many security problems?
Linux distro openSUSE’s public forums have been compromised and defaced and tens of thousands of user email addresses exposed after a hacker exploited a zero day flaw in the underlying vBulletin software. OpenSUSE responded quickly to media reports about the breach on Tuesday by admitting the successful exploit had allowed the …
Absolutely. It is disgraceful that FOSS community fora such as Ubuntu's and LinuxQuestions.org (the official Slackware forum for Christ's sake!) insist on using VBulletin. Even 5 years ago it was justifiable but today there are real alternatives, namely, SMF, PHPBB, FluxBB, Discourse, Vanilla, just to mention a few from the top of my head.
We are committed to CHEEZE. Not only is it totally open, but it can provide an income stream to developers using micro transactions in a retail environment. CHEEZE is the future for development of forum software in the new shiny tablet enabled age. Don't think Facebook, think CHEEZE.
> Doesn't it seem odd that ...
I am not sure, but I think that VBulletin is a remnant of the Novell takeover of SuSE.
Apart from any security issues, it causes frequent usability problems for new posters, as the methods for preventing code-mangling are non-intuitive. It also does not play nicely with the FOSS tools/clients favoured by many of the local experts. Hopefully this will be a prod to move to a more amenable platform.
Try going on there and asking a question. Whilst the normal users will try to help, the Admins will be so occupied with calling you a n00b sometimes they actually forget who they're threatening to ban for talking back.
My favourite and default OS but God damn the community sucks so hard. Wouldn't be surprised if they've just pissed off one guy too many.
@Valeyard - yeah, I call bullshit on your claims.
No one on that forum has ever been anything but extremely helpful to me. I've had engineers and Novell developers come on the board and spend hours helping me resolve an issue. I've seen an engineer go out and buy a piece of hardware just so he could help a noob figure out how to use it.
And I read a lot of forum posts there - I can't recall ever seeing anyone threatened with being "banned". If someone is a total asshole, they just get ignored after a while. All in all, I'd say openSUSE is by far the most helpful forum around. Just don't be a complete raving asshole - that doesn't work on any forum.
@Valeyard - I'm not angry - I just have never seen the type of behavior on the openSUSE forums that you are referring to. And I've been a regular participant/reader for many years now.
Sounds like you got yourself "banned" though - I guess by an admin? All I can figure is you must have really seriously pissed someone off. Like I say - I've never seen anything like that. Quite the opposite - people really go quite far out of their way on those forums to help a guy out. I should know - I've had some nasty, nasty problems with AMD 6-core processors, Nvidia cards, and Radeon cards that I couldn't possibly have figured out without help.
My openSUSE forums password and my El Reg password are exactly the same.
What if hacker H4x0r HuSsY starts posting pro-iPhone comments on El Reg in my name? My rep as an iPhone critic will be down the drain.
I guess I could just change my El Reg password, but - I'm kind of enjoying the tension.
Andy, you must try harder at the witticism attempts. The article clearly states that email addresses and not passwords were accessed.
We await the onslaught of phishing spam, possibly encouraging the installation of a great new font (see Xorg vulnerability story); but more likely another "Please click here to reset your password" variant.
From the current forum header:
NOTICE: A vulnerability in the forum SEO plugin we have been using has been found making it necessary to discontinue its use. Existing links in Google, Yahoo, Bing, etc. as well as any existing bookmarks may have problems. The search engines will get our sitemap and it shouldn't take long for them to depreciate the old URLs and start replacing them with new. We apologize for the inconvenience.
I hope that they never reinstate the SEO plug-in. It mangled/obfuscated many URL links in order to "spy" on users, and prevent some of us behind corporate firewalls from following the linked pages.