[opensuse-project] Several openSUSE services disabled due to a security breach
Dear openSUSE Community,

We have been informed of a security breach of the MF authentication system used by several openSUSE services.

As a result, the openSUSE services using this authentication method are immediately being set to read-only mode/preventing authentication.

This includes the openSUSE OBS, wiki, and forums.

The scope and impact of the breach are not yet fully clear. The disabling of authentication is to ensure the protection of our systems and user data while the situation is fully investigated.

Based on the information available at this time, there is a possibility that the breach is limited to users of non-openSUSE infrastructure that shares the same authentication system.

Regardless, it is recommended that all users of the affected services and openSUSE bugzilla change their password at the following link: https://secure-www.novell.com/selfreg/jsp/protected/manageAccount.jsp

https://status.opensuse.org/ can be used to monitor the status of the services as the incident is further investigated.

We do not believe any of the openSUSE Download infrastructure has been compromised, as it does not interact with the MF authentication system.

Therefore www.opensuse.org, download.opensuse.org and software.opensuse.org remain operational and safe for all of our users to use.

Thank you all for your understanding and support, and expect a further update as soon as we have more information.

Regards,
Dear Richard, dear openSuSE Community,

thanks for informing us about it.

In the face of the largest ransomware attack the world has seen until today, https://www.theguardian.com/society/live/2017/may/12/england-hospitals-cyber... (Thanks to the NSA for that), doesn't this imply that major authentication infrastructure of openSUSE still bases on pitiful Windows systems, or is this just a coincidence?

Best regards,
Hans-Peter Jansen

On Friday, 12 May 2017 16:38:17 Richard Brown wrote:
> Dear openSUSE Community,
>
> We have been informed of a security breach of the MF authentication system used by several openSUSE services.
>
> As a result, the openSUSE services using this authentication method are immediately being set to read-only mode/preventing authentication.
>
> This includes the openSUSE OBS, wiki, and forums.
>
> The scope and impact of the breach are not yet fully clear. The disabling of authentication is to ensure the protection of our systems and user data while the situation is fully investigated.
>
> Based on the information available at this time, there is a possibility that the breach is limited to users of non-openSUSE infrastructure that shares the same authentication system.
>
> Regardless, it is recommended that all users of the affected services and openSUSE bugzilla change their password at the following link: https://secure-www.novell.com/selfreg/jsp/protected/manageAccount.jsp
>
> https://status.opensuse.org/ can be used to monitor the status of the services as the incident is further investigated.
>
> We do not believe any of the openSUSE Download infrastructure has been compromised, as it does not interact with the MF authentication system.
>
> Therefore www.opensuse.org, download.opensuse.org and software.opensuse.org remain operational and safe for all of our users to use.
>
> Thank you all for your understanding and support, and expect a further update as soon as we have more information.
>
> Regards,
What does NHS have to do with openSUSE?

The problems at Micro Focus (MF) are not related to NHS specifically or ransomware in general.

Aaron Burgemeister
Identity / Security / Linux Consultant
http://www.a2btech.com/

On 05/13/2017 03:08 AM, Hans-Peter Jansen wrote:
> Dear Richard, dear openSuSE Community,
>
> thanks for informing us about it.
>
> In the face of the largest ransomware attack the world has seen until today, https://www.theguardian.com/society/live/2017/may/12/england-hospitals-cyber... (Thanks to the NSA for that), doesn't this imply that major authentication infrastructure of openSUSE still bases on pitiful Windows systems, or is this just a coincidence?
>
> Best regards,
> Hans-Peter Jansen
On 2017-05-13 14:32, Aaron B wrote:
> On 05/13/2017 03:08 AM, Hans-Peter Jansen wrote:
>> Dear Richard, dear openSuSE Community,
>>
>> thanks for informing us about it.
>>
>> In the face of the largest ransomware attack the world has seen until today, https://www.theguardian.com/society/live/2017/may/12/england-hospitals-cyber-attack-nhs-live-updates (Thanks to the NSA for that), doesn't this imply that major authentication infrastructure of openSUSE still bases on pitiful Windows systems, or is this just a coincidence?
>
> What does NHS have to do with openSUSE?
>
> The problems at Micro Focus (MF) are not related to NHS specifically or ransomware in general.

That doesn't really answer Hans' question.

This ransomware attack was random, so it was not an attack on NHS or on anybody specifically.

Whether the auth system runs on Windows or Linux I don't know.

--
Cheers / Saludos,
Carlos E. R.
(from 42.2 x86_64 "Malachite" (Minas Tirith))
Sorry for replying personally last time; I forget that Thunderbird does that when doing e-mail stuff.

On 05/13/2017 04:58 PM, Carlos E. R. wrote:
> On 2017-05-13 14:32, Aaron B wrote:
>> On 05/13/2017 03:08 AM, Hans-Peter Jansen wrote:
>>> Dear Richard, dear openSuSE Community,
>>>
>>> thanks for informing us about it.
>>>
>>> In the face of the largest ransomware attack the world has seen until today, https://www.theguardian.com/society/live/2017/may/12/england-hospitals-cyber-attack-nhs-live-updates (Thanks to the NSA for that), doesn't this imply that major authentication infrastructure of openSUSE still bases on pitiful Windows systems, or is this just a coincidence?
>>
>> What does NHS have to do with openSUSE?
>>
>> The problems at Micro Focus (MF) are not related to NHS specifically or ransomware in general.
>
> That doesn't really answer Hans' question.

Fair enough; Hans' question asks "doesn't this imply that major authentication infrastructure of openSUSE still bases on pitiful Windows systems or is this just a coincidence?"

It seems obvious to me that nothing is implied by the Guardian's report on one organization and an event of a completely different type at a completely different organization. Just because ransomware impacts somebody somewhere does not mean that any other system anywhere else is related just because it happened within a day or two of the first event. The stretching of logic required to reach that conclusion baffles me; the logical fallacy involved is this one: https://en.wikipedia.org/wiki/Post_hoc_ergo_propter_hoc

> This ransomware attack was random, so it was not an attack on NHS or on anybody specifically.

Random, sure, meaning this decreases the probability that events X and Y are related. There's no more reason to draw the conclusion that these two are related than to believe my friend's Mac workstation, which crashed today (hard drive failure), is also related. Even if it had been a Windows box, there would be no reason to draw that conclusion.

Aaron Burgemeister
Identity / Security / Linux Consultant
On Saturday, 13 May 2017 19:41:30 Aaron B wrote:
> Sorry for replying personally last time; I forget that Thunderbird does that when doing e-mail stuff.
>
> On 05/13/2017 04:58 PM, Carlos E. R. wrote:
>> On 2017-05-13 14:32, Aaron B wrote:
>>> On 05/13/2017 03:08 AM, Hans-Peter Jansen wrote:
>>>> Dear Richard, dear openSuSE Community,
>>>>
>>>> thanks for informing us about it.
>>>>
>>>> In the face of the largest ransomware attack the world has seen until today, https://www.theguardian.com/society/live/2017/may/12/england-hospitals-cyber-attack-nhs-live-updates (Thanks to the NSA for that), doesn't this imply that major authentication infrastructure of openSUSE still bases on pitiful Windows systems, or is this just a coincidence?
>>>
>>> What does NHS have to do with openSUSE?
>>>
>>> The problems at Micro Focus (MF) are not related to NHS specifically or ransomware in general.

How can you know? The NHS isn't related to the Deutsche Bahn, but both are affected. The link was just an example of what I'm referring to...

>> That doesn't really answer Hans' question.
>
> Fair enough; Hans' question asks "doesn't this imply that major authentication infrastructure of openSUSE still bases on pitiful Windows systems or is this just a coincidence?"
>
> It seems obvious to me that nothing is implied by the Guardian's report on one organization and an event of a completely different type at a completely different organization. Just because ransomware impacts somebody somewhere does not mean that any other system anywhere else is related just because it happened within a day or two of the first event. The stretching of logic required to reach that conclusion baffles me; the logical fallacy involved is this one: https://en.wikipedia.org/wiki/Post_hoc_ergo_propter_hoc

Sure, my words might be phrased too harshly, but just at the _same_ time, when the world was hit by this attack, the MF authentication system is taken offline (which never happened before; I've been attending SuSE since 1997..).

>> This ransomware attack was random, so it was not an attack on NHS or on anybody specifically.
>
> Random, sure, meaning this decreases the probability that events X and Y are related. There's no more reason to draw the conclusion that these two are related than to believe my friend's Mac workstation, which crashed today (hard drive failure), is also related. Even if it had been a Windows box, there would be no reason to draw that conclusion.

Well, authentication systems are designed with maximum security, redundancy and worst case scenarios in mind, hence I was a little troubled about this drastic move of taking it offline.

The full story might never be revealed to the public anyway. In THAT sense, my question was rather silly.

Beg my pardon, everybody please..

Cheers,
Pete
> Well, authentication systems are designed with maximum security, redundancy and worst case scenarios in mind, hence I was a little troubled about this drastic move of taking it offline.

I take exactly the opposite point of view. If MF have any reason that they have, anywhere in their networks, vulnerable systems then the safe thing, from their and our perspective, is to block the firewalls. It may cause a few days' inconvenience but it’s than the risks of the alternative.

David
On Sunday, 14 May 2017 17:28:35 Administrator wrote:
>> Well, authentication systems are designed with maximum security, redundancy and worst case scenarios in mind, hence I was a little troubled about this drastic move of taking it offline.
>
> I take exactly the opposite point of view. If MF have any reason that they have, anywhere in their networks, vulnerable systems then the safe thing, from their and our perspective, is to block the firewalls. It may cause a few days' inconvenience but it’s than the risks of the alternative.

You got me wrong, David. The fact that it was necessary to take the authentication system down troubled me, not the fact that they took it down - which is the only sane decision at this point.

I wonder how an attacker could get *that* *deep* inside the MF network to perform *this* attack.

Pete
On Sunday, 14 May 2017 14.39:44 h CEST Hans-Peter Jansen wrote:
> The full story might never be revealed to the public anyway. In THAT sense, my question was rather silly.
>
> Beg my pardon, everybody please..
>
> Cheers,
> Pete

I really hope not, and full analysis and reports will be available. We work in an open and transparent project, and it's a question of code. If bad code or practice has been used, then it's wonderful and useful to publish it, to the benefit of all.

Yes, I was laughing when reading the GitLab report about the crash they got with PostgreSQL. But I admire the courage needed to publish it.

Hope the world will return Green tomorrow.

--
Bruno Friedmann
Ioda-Net Sàrl www.ioda-net.ch
Bareos Partner, openSUSE Member, fsfe fellowship
GPG KEY : D5C9B751C4653227
irc: tigerfoot
participants (6)
- Aaron B
- Administrator
- Bruno Friedmann
- Carlos E. R.
- Hans-Peter Jansen
- Richard Brown