Mailinglist Archive: opensuse (686 mails)

< Previous Next >
[opensuse] Re: Ubuntu Forum hacked
  • From: Jim Henderson <hendersj@xxxxxxxxx>
  • Date: Tue, 23 Jul 2013 16:05:51 +0000 (UTC)
  • Message-id: <ksm9kv$vk1$2@ger.gmane.org>
On Tue, 23 Jul 2013 15:46:56 +1000, Basil Chupin wrote:

The Ubuntu Forum was hacked a couple of days ago-

http://ubuntuforums.org/announce.html

which led to a discussion about how secure Linux actually is.

A question arises in my mind is: how vulnerable are our mailing
lists/forum(s) seeing as how openSUSE MLs are also using vBulletin (an
earlier version than the Ubuntu one, BTW). More discussion led to this
URL-

http://www.ubuntu.com/usn/

With regards to this last URL, how does openSUSE fair? I just looked at
the archive for opensuse-security mail list (and subscribed to it) but
for the month of July only see some fixes to what appear to be apps from
'third parties'.

Is openSUSE 'watertight'? :-)

Because we integrate with NetIQ Access Manager, user passwords aren't
stored in the vBulletin database. I know the systems used on the back-
end, and while I wouldn't describe any system as 100% hack-proof, this
one would require some pretty specialized knowledge and access to the
identity servers (which are not in the same network). eDirectory is on
the back-end, and even if one were to grab the database, it's not a
traditional database and the structure is *very* unusual (gives it very
high performance for millions - or billions - of identities), so one
would have to have knowledge of the internals of the engine.

So our passwords are extremely secure. *This* is the advantage of the
authentication system we have in place.

Jim

--
Jim Henderson
Please keep on-topic replies on the list so everyone benefits

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups
References