Mailinglist Archive: opensuse (686 mails)

< Previous Next >
[opensuse] Re: Ubuntu Forum hacked
  • From: Jim Henderson <hendersj@xxxxxxxxx>
  • Date: Tue, 23 Jul 2013 16:05:51 +0000 (UTC)
  • Message-id: <ksm9kv$vk1$>
On Tue, 23 Jul 2013 15:46:56 +1000, Basil Chupin wrote:

The Ubuntu Forum was hacked a couple of days ago-

which led to a discussion about how secure Linux actually is.

A question arises in my mind is: how vulnerable are our mailing
lists/forum(s) seeing as how openSUSE MLs are also using vBulletin (an
earlier version than the Ubuntu one, BTW). More discussion led to this

With regards to this last URL, how does openSUSE fair? I just looked at
the archive for opensuse-security mail list (and subscribed to it) but
for the month of July only see some fixes to what appear to be apps from
'third parties'.

Is openSUSE 'watertight'? :-)

Because we integrate with NetIQ Access Manager, user passwords aren't
stored in the vBulletin database. I know the systems used on the back-
end, and while I wouldn't describe any system as 100% hack-proof, this
one would require some pretty specialized knowledge and access to the
identity servers (which are not in the same network). eDirectory is on
the back-end, and even if one were to grab the database, it's not a
traditional database and the structure is *very* unusual (gives it very
high performance for millions - or billions - of identities), so one
would have to have knowledge of the internals of the engine.

So our passwords are extremely secure. *This* is the advantage of the
authentication system we have in place.


Jim Henderson
Please keep on-topic replies on the list so everyone benefits

To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups