July 15th, 2016

Ubuntu Hacked, Linux Journal Extremists & More…

Also included: Microsoft shows love of Linux with gift of Skype and Torvalds continues to be Torvalds.

FOSS Week in Review

The biggest Linux story this week by mainstream tech sites’ standards was Skype working to include Linux users in its installed base by releasing a new Linux client to replace obsolete software that hadn’t been updated in at least two years. According to many of the comments on FOSS Force’s coverage, Skype might consider itself a day late and a dollar short.

The big problem, of course, is Skype’s ownership by Microsoft, whose love of Linux is so far unrequited. Add to that the fact that Skype, like Microsoft, doesn’t have the monopoly it once had and the result is a less than enthusiastic response. However, it wouldn’t surprise me if Ubuntu doesn’t start installing the Skype client by default once it comes out of beta.

Now on to some news that’s really newsworthy…

Bumblehive NSA

The “Bumblehive” NSA facility in Utah

In a story reported all over the place — I first saw it on Techspot India — it appears that the NSA is still spying away on folks all over the world. This, I’m sure, will come as a big surprise to all of you. I’m also sure our readers will trust the NSA’s assertion that we here in the United States, along with residents of Canada, the UK, New Zealand and Australia, aren’t being snooped upon because we’re protected by some sort of magical shield which recognizes us as being one of the “Five Eyes.”

This is all so mystical, is it not?

So what are the folks at the NSA seeking to find with their constant snooping? If they’re using the XKeyscore spy program that was revealed last year by Edward Snowden, they want to find people who are concerned about online privacy, especially folks who read Linux Journal or use Tor and Tails Linux. Once identified, the NSA flags them as “extremists.”

This is the conclusion of German public television broadcasters NDR and WDR who, along with members of the Tor project, spent months analyzing XKeyscore source code that had been leaked by a so far unknown source.

Marked and then tracked are the IP addresses of anyone who searches for “tails” (which it calls “a comsec mechanism advocated by extremists on extremist forums”), “Amnesiac Incognito Live System” (another name for the Tails distro), “linux,” “USB,” “CD,” “secure desktop,” “IRC,” “truecrypt” or “tor.” In addition to Linus Journal, the application also monitors the websites privacy.li, FreeProxies.org, HotSpotShield, MegaProxy, FreeNet, Centurian, and an email service offering anonymous service called MixMinion.

Remember, none of this affects those of us living in the United States. We’re safe. We’re protected by some black lodge, the Brotherhood of the Five Eyes or some such. In other words, we’re living in an episode of “Twin Peaks.”

OMG! Ubuntu’s been hacked. Ubuntu has joined to exclusive club of Linux distros that have recently had their servers hacked and lived to tell about it. I initially heard about this earlier today on Softpedia, but the story has since been reported by every tech site with a live body sitting at a keyboard on a Friday afternoon.

As far as we know, unlike the Mint breech of a few months ago, the hackers didn’t manage to take over downloads or do anything drastic enough to cause Canonical to completely shut down its servers. But this incident must be embarrassing, to say the least, for a distro that’s trying to make money by convincing the enterprise that Ubuntu is a safe and secure server OS — you know, “you’re in good hands with Canonical” and all that.

It appears the cracker/hackers were able to break into Ubuntu’s Forums and walk away with a copy of the database, at least the part containing IP addresses, email addresses, and usernames of over two million registered users. Ouch! The good news, according to Ubuntu, “No active passwords were accessed; the passwords stored in this table were random strings as the Ubuntu Forums rely on Ubuntu Single Sign On for logins. The attacker did download these random strings (which were hashed and salted).”

Entry was gained by taking advantage of a known SQL injection vulnerability that had not been patched — another ouch for a company trying to gain the trust of the Fortune 500. After confirming that the forum had been compromised, Ubuntu took it offline for a while, although service has since been restored.

Quick take: Linux founder and head honcho Linus Torvalds lost his temper again on the Linux Kernel Mailing List, this time because he didn’t like the syntax that was being used in code comments. Among other things, he’s reported to have written, “”I’m sure that looks really nice if you are out of your mind on LSD, and have nothing better to do than to worry about the right alignment of the asterisks.” Personally, I’m surprised that Torvalds knows what the world looks like on LSD.

Parting shot: I don’t know if you’ve been reading about the trials and tribulations of Robert Glen Fogarty, FOSS Force’s endearing resident Linux newbie. It seems that someone has convinced Fogarty that he can breath new life in an ancient old Sony Vaio laptop by loading it up with Linux and open source. He’s doing so the hard way, by writing about it on our site and relying on comments from our readers for advice. I’m wishing him good luck with that.

So far he’s managed to get Ubuntu MATE installed on it, but has since been stymied with a series of hardware issues. Maybe some of you might want to wander over, read his latest article and maybe offer him some advice.

That does it for this week. Oh, and lest you forget, may the FOSS be with you…

The following two tabs change content below.
Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

Latest posts by Christine Hall (see all)

5 comments to Ubuntu Hacked, Linux Journal Extremists & More…

  • Mike S.

    The free software Skype alternatives are maturing, so maybe we should be grateful that first Skype itself and then later Microsoft let Skype rot for a few years. If the project had been consistently good for Linux, maybe the alternatives wouldn’t have received so much effort.

    Thanks, Microsoft!

  • Mike

    @Christine,

    Your statement that the problem with Skype is due to it being from Microsoft makes people opposed to it sound childish.

    I oppose Skype because it is insecure, ***NOT FOSS***, and an NSA data suck.

    I posted a link recently to the EFF’s review of the security of various messaging clients.

    Skype is among the absolute worst.

    https://www.eff.org/node/82654

  • Daniel

    Ubuntu was not hacked… Ubuntu Forums were… Please let it clear…

  • dgrb

    Actually, Torvalds’ rant had nothing to do with syntax whatsoever, merely layout.

    And, while his comments were undoubtedly OTT, I agree with him.

  • For advanced COMSEC, visit this site: http://www.cyanbyte.de
    There is an open-source Python software called OMEGA.