Just in case NNTP users hadn’t heard, there was another hack against the
web interface, and the system is being hardened. It’ll be offline for a
little bit while the tech team works on that. This change will include
the removal of the vBSEO plugin (which is what was compromised and is no
longer being maintained).
NNTP is unaffected. User passwords were not compromised. E-mail
addresses are reported to have been taken.
Jim
Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C
On Wed, 08 Jan 2014 05:59:35 +0000, Jim Henderson wrote:
> Just in case NNTP users hadn’t heard, there was another hack against the
> web interface, and the system is being hardened. It’ll be offline for a
> little bit while the tech team works on that. This change will include
> the removal of the vBSEO plugin (which is what was compromised and is no
> longer being maintained).
>
> NNTP is unaffected. User passwords were not compromised. E-mail
> addresses are reported to have been taken.
And yes, we are aware that NNTP was down today as well while there was
working going on. I’m told the web interface should be back online
“soon”.
Jim
–
Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C
On 01/08/2014 06:20 PM, Jim Henderson wrote:
> And yes, we are aware that NNTP was down today as well while there was
> working going on. I’m told the web interface should be back online
> “soon”.
It sure is quiet with the Web interface down.
On 2014-01-09 02:45, Larry Finger wrote:
> It sure is quiet with the Web interface down.
Indeed… I guess most of us nntp users are just bored and “reading” 
–
Cheers / Saludos,
Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)
Larry Finger wrote:
> It sure is quiet with the Web interface down.
>
A deathly hush
On Thu 09 Jan 2014 03:08:06 AM CST, Carlos E. R. wrote:
On 2014-01-09 02:45, Larry Finger wrote:
> It sure is quiet with the Web interface down.
Indeed… I guess most of us nntp users are just bored and “reading” 
IRC and playing with SUSE Manager…
–
Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
openSUSE 13.1 (Bottle) (x86_64) GNOME 3.10.2 Kernel 3.11.6-4-desktop
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!
Jim Henderson wrote:
> NNTP is unaffected. User passwords were not compromised. E-mail
> addresses are reported to have been taken.
>
> Jim
>
I have enough spam to deal with already. Now my email has been
published by the bad boys/gals
–
GNOME 3.10.2
openSUSE 13.1 (Bottle) (x86_64) 64-bit
Kernel Linux 3.11.6-4-desktop
On 2014-01-09 16:31, vazhavandan wrote:
> Jim Henderson wrote:
>> NNTP is unaffected. User passwords were not compromised. E-mail
>> addresses are reported to have been taken.
>>
>> Jim
>>
>
> I have enough spam to deal with already. Now my email has been
> published by the bad boys/gals
I wonder.
They have my email published in clear on the openSUSE mail list for years.
When I had a tiscali account, I got spam by the thousands per year on
it. It could be hundreds per day sometimes. Now, spam is so rare that
when I get one I actually look at it with curiosity.
If you look at the photo published at thehackernews.com place, the only
emails clearly shown are half a dozen at the top, perhaps what they
think are staff or admins, the rest are blurred.
Some people say this has been a script kiddie attack. I assume that
security experts know how to obtain those scripts (I don’t). In that
case, it is their duty to download those scripts, locate the
vulnerabilities used in the scripts, and then plug them fast. If this
has not been done, then IMHO those experts do not deserve their
paychecks, or the attack was not done by a script-kid.
–
Cheers / Saludos,
Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)
On 01/09/2014 12:08 PM, Carlos E. R. wrote:
> On 2014-01-09 16:31, vazhavandan wrote:
>> Jim Henderson wrote:
>>> NNTP is unaffected. User passwords were not compromised. E-mail
>>> addresses are reported to have been taken.
>>>
>>> Jim
>>>
>>
>> I have enough spam to deal with already. Now my email has been
>> published by the bad boys/gals
>
> I wonder.
>
> They have my email published in clear on the openSUSE mail list for years.
My E-mail address has been published openly in various mailing lists for at
least 5 years. My mail comes to my ISP who rejects known spam sites silently,
the rest gets forwarded to Gmail.com. They filter it, and everything that passes
comes to my laptop. In the past 7 days, the Gmail spam filters have caught all
spam, and there were only 29 entries in my spam mailbox at Gmail. The system is
getting quite efficient.
On 2014-01-09 20:02, Larry Finger wrote:
> My E-mail address has been published openly in various mailing lists for
> at least 5 years. My mail comes to my ISP who rejects known spam sites
> silently, the rest gets forwarded to Gmail.com. They filter it, and
> everything that passes comes to my laptop. In the past 7 days, the Gmail
> spam filters have caught all spam, and there were only 29 entries in my
> spam mailbox at Gmail. The system is getting quite efficient.
My ISP does something like that. I found out when I sent from ‘whatsup’
a dump of my conversations, and it was bounced by my ISP.
I do not want it. I have no control over it :-/
–
Cheers / Saludos,
Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)
On Thu, 09 Jan 2014 01:45:50 +0000, Larry Finger wrote:
> On 01/08/2014 06:20 PM, Jim Henderson wrote:
>> And yes, we are aware that NNTP was down today as well while there was
>> working going on. I’m told the web interface should be back online
>> “soon”.
>
> It sure is quiet with the Web interface down.
It is indeed - or was, the web interface is now back up. 
The other outage (of NNTP) was unrelated - some other hardware decided to
start acting up.
Jim
–
Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C
On Thu, 09 Jan 2014 15:31:18 +0000, vazhavandan wrote:
> Jim Henderson wrote:
>> NNTP is unaffected. User passwords were not compromised. E-mail
>> addresses are reported to have been taken.
>>
>> Jim
>>
>>
> I have enough spam to deal with already. Now my email has been
> published by the bad boys/gals
As I recall, those who performed the hack claimed they weren’t
releasing the info.
Jim
–
Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C