aelius Posted January 8, 2014 Report Share Posted January 8, 2014 (edited) After Snapchat hack, this can be another worst data breach of the new year. A Pakistani hacker 'H4x0r HuSsY' has successfully compromised the official Forum of 'openSUSE', a Linux distro developed, sponsored & supported by SUSE.The hacker managed to deface the Forum and uploaded its custom message page as shown and account information of 79,500 registered users' may have been compromised. The popular website MacRumors's Forum was compromised in last November using an alleged zero day exploit, which is based on vBulletin, a famous forum software. The openSUSE Forum is also based upon vBulletin.Another interesting fact is that openSUSE is still using vBulletin 4.2.1, which is vulnerable to inject rogue administrator accounts flaw. Whereas, the latest patched vBulletin 5.0.5 is available. Possibly, Hacker exploits same or another known vBulletin version 4.2.1 vulnerability to access the website's administrative panel.Read more: Exclusive - openSUSE Forum Hacked; 79500 Users' Data CompromisedNota personala: Mie imi pare o cacanarie sa se intample asta cu un soft comercial. Costul nu este deloc mic si pe langa costul lui, trebuie sa platesti pentru suport. Suport la ce ? La o saracie low-end cu gauri de securitate?! Se pare ca vBulletin devine un fel de mambo. Cine e vechi pe net stie ce nebunie era inainte la mambo / joomla.Observ din imaginile de acolo ca au folosit inclusiv un phpshell. Cat de retard sa fie un admin incat sa nu stie sa dezactiveze niste functii php si sa instaleze ceva module de protectie (just in case). Edited January 8, 2014 by aelius Quote Link to comment Share on other sites More sharing options...
