Announcement

**kjjjjshab** · Jul 30, 2013, 08:07 PM

Originally posted by Snowhog View Post

...A good practice (enforced by (all) U.S. Government agencies) is to require password changes at set intervals. Not changing your password results in suspension of the account.

I have never met someone who didn't just have 2 numbers in their password for the month when that is required, thus making it a less safe password. I absolutely hate those policies. You either end up with the above, or passwords written down on a post-it, usually stuck to the monitor.

**verndog** · Jul 30, 2013, 08:31 PM

Enter "Keepassx" or some facsimile.

**SteveRiley** · Jul 30, 2013, 08:31 PM

Originally posted by claydoh View Post

man people are getting pissy over on UF trying to log in, etc. Seems they direct people to "ubuntu one" - which is using their Single Sign-On system (SSO) which is used for Launchpad, the wikis, etc, including U1. SO some are thinking they are being forced to sign up for U! ... This is a classic tl;dr as this was clearly explained on the main page. Having said that, going to login.ubuntu.com makes it look like you are signing up for U1 (and in a sense you are)

Yes, the description could be better. You're really using your Ubuntu SSO account here, which just so happens to be used for Launchpad, Ubuntu Wiki, and Ubuntu One. Now they're adding the forum. Makes sense, really.

But the amount of stupid on display in the discussion is breathtaking. People are claiming the forum was hacked, that vBulletin is unsafe, that a subsequent vB hack would give the attacker access to credit card numbers in U1. Come on, Ubuntu forum people! Didn't you read the explanation? The "hack" was through an existing but forgotten administrator account. The only "vulnerability" here is human forgetfulness.

**Tom_ZeCat** · Jul 30, 2013, 10:03 PM

I think I'll wait until the dust settles before I post anything over there.

**verndog** · Jul 30, 2013, 11:18 PM

I've been posting all day long....no dust...clean as a whistle...spic & span, as they say.
I'm just trying to help those that have been in the dark for the past two weeks. Lots of posted issues already.

**kubicle** · Jul 31, 2013, 12:23 AM

Originally posted by SteveRiley View Post

Didn't you read the explanation? The "hack" was through an existing but forgotten administrator account. The only "vulnerability" here is human forgetfulness.

Here's a detailed description of the attack (http://blog.canonical.com/2013/07/30...a-post-mortem/).

While the compromised mod account was the root cause...those sort of things do happen, so they probably should have been more prepared for it. An actually some vbulletin defaults played a part.

**PaulW2U** · Jul 31, 2013, 11:12 AM

Originally posted by claydoh View Post

This is a classic tl;dr as this was clearly explained on the main page. Having said that, going to login.ubuntu.com makes it look like you are signing up for U1 (and in a sense you are)

I can't believe the number of disgruntled users that must have read the warning after they logged-in with an email address that was not registered at UF and found that they had created a new account. So many complaints about years of posting history lost and so many users seem to be criticising UF/Canonical for not keeping their data safe but have little idea as to what that data actually is.

I certainly would not want to be a UF administrator right now.

Originally posted by claydoh View Post

And gee, that theme is still garish.

But they are Canonical approved colours though.

**Buddlespit** · Aug 01, 2013, 04:31 AM

I just tried logging in and it won't accept either of my email addresses. So I tried registering and got the same thing. So, I guess I don't register. It's no biggie, I only get to those forums via google searches anyway.

**Tom_ZeCat** · Aug 01, 2013, 05:59 AM

Originally posted by Buddlespit View Post

I just tried logging in and it won't accept either of my email addresses. So I tried registering and got the same thing. So, I guess I don't register. It's no biggie, I only get to those forums via google searches anyway.

You could try contacting them. I just tried to login and my old one would not work, but I was able to re-register.

Edit:
You did create a matching account at Ubuntu One, right? They're requiring that now.

I'm back in there. I had saved links to all the posts I made there before. I tried them and they're there. Looks like they did their backing up. Hopefully the entire database of posts is there. It would be a shame if all that were lost.

**Detonate** · Aug 01, 2013, 09:08 AM

I already have a Ubuntu One account, so I did not have any problems. Had LastPass generate a new password for the site. I too, do not visit that forum often, usually as a result of a Startpage search, but if you want to post to a thread, you must be logged in.

Announcement

Ubuntu Forums hacked

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Users Viewing This Topic