[SOLVED] Ubuntuforums.org password breach (question for Jeremy)
LQ Suggestions & FeedbackDo you have a suggestion for this site or an idea that will make the site better? This forum is for you.
PLEASE READ THIS FORUM - Information and status updates will also be posted here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Ubuntuforums.org password breach (question for Jeremy)
Color me stupid, lazy, whatever.
But I was using the same passowrd and nym on Ubuntuforums as I use on LQ and/or AQ.
Starting with LQ I successfully changed my password, and it updated my Iceweasel saved passwords - then I jumped to Android Forum (via the Main Menu) and was automatically logged in as usual, but Iceweasel hadn't changed. So I entered my old password and new password (twice) and it updated both on AQ and Iceweasel.
Did I do this right? Or does changing my LQ password automagically change my AQ password?
Jeremy, perhaps you could write a brief sticky how-to whatever on both LQ and AQ home pages - just in case there are others like me who trusted UbuntuForums as I have come to trust LQ.
Now I have to wait on Canonical fixing their forums so that I can change my password there to something unrelated to any other sites!
Distribution: Debian Wheezy, Jessie, Sid/Experimental, playing with LFS.
Posts: 2,900
Rep:
Quote:
Originally Posted by minrich
Color me stupid, lazy, whatever.
But I was using the same passowrd and nym on Ubuntuforums as I use on LQ and/or AQ.
While the question is very pertinent (I found out U was offline last night) I'm not sure it is smart to advertise to the world that you use the same nick and password on all sites. The people that broke into UF are possibly trawling every forum they can find right now.
@k3lt01 - Don't know if you are a member of AndroidQuestions, but since it opened it has always been possible to log in with LQ credentials, hence the same pwrd on both sites. When I started running Kubuntu , even though Debian based, I found that a lot of the config files changed names (upstart -anyone?) and I needed specific help getting my Broadcom Wireless working - it is very difficult to get a landline to my boat!
Needless to say, and sorry if I misled you, I only used the same pwrd on these three forums, i.e. my Debian pwrd is different.
Perhaps I was too trusting in Canonical's understanding of the security aspects of Forums running on vBulletin. I only posted here after reading the low-down on ars technica.
Distribution: Debian Wheezy, Jessie, Sid/Experimental, playing with LFS.
Posts: 2,900
Rep:
I do use AndroidQuestions. Been on there for over a year. 2 questions, 1 introduction, and Jeremy is the only person that has replied to me in that time. I log in using a QuestionsNetwork password.
sputn1k has said s/he won't do anything, s/he is smart enough to deface a site but hasn't got the time to go through 1.8 million usernames and passwords apparently.
Anyway security was the issue on UF with mod/admin privileges having been handed out by the previous owner (Canonical did not start UF and did not own it until a couple of years ago) without keeping track of things. Also the version of VB used was apparently out of date as well. I'm pretty sure Jeremy is much more hands on and keeps a pretty tight lid on the QuestionsNetwork sites.
Having said all that if anyone uses the same password across multiple sites it is good practise, even though it is a huge pita, to change them.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.