Ubuntu scam?

[devonwoody]

Is this a scam or genuine do you know, and should I do what is says, I dont like changing passwords because of memory loss these days?

Hello,

You are receiving this message because you have an account registered with this address on ubuntuforums.org.

The Ubuntu forums software was compromised by an external attacker. As a result, the attacker has gained access to read your username, email address and an encrypted copy of your password from the forum database.

If you have used this password and email address to authenticate at any other website, you are urged to reset the password on those accounts immediately as the attacker may be able to use the compromised personal information to access these other accounts. It is important to have a distinct password for different accounts.

The ubuntuforums.org website is currently offline and we are working to restore this service. Please take the time to change your ubuntuforums.org account password when service is restored.

We apologize for any inconvenience to the Ubuntu community, thank you for your understanding.

The Canonical Sysadmins.

 

[AndyT]

Whether or not the forum in question has been compromised it's excellent advice.
(I assume you are a forum member.)

The reason why people attack sites such as forums is that they can get a bunch of IDs and passwords to try elsewhere so if you've used the same password for your Amazon or Paypal account you can lose money.
I recommend using different passwords for every site that needs one. Write them down in a book and keep it in a safe place. They can't hack your house!

 

[devonwoody]

Andy your comments are valid, but I have been a computer user since 1998,( 15 years) can you imagine what a password book would look like with frequent changes of details, it could finish up the size of a dictionary!!!!!!!!!!!!!!!

 

[AndyT]

I upgraded ours to an A5 ring binder with alphabetical dividers. One sheet per company/website/account.
There are technical fixes based on password management software but I like this approach as I am properly in control.

 

[stevenw1963]

I would personally never follow a link that came through an e-mail asking me to change a password.
Ebay is one where scammers try this a lot, the simple fact is, go to the site in question & see what it says there, if there is no message similar to your e-mail then it's a scam. If the site isn't there, wait until it comes back up then re-register.
Never follow an e-mail link, no matter how genuine it looks.
Supposedly Ebay e-mails for example have subtle clues to see if they are genuine, the most common one is the email address it is from says ''ebEy'' rather than ebAy.

Hope this helps

 

[devonwoody]

I upgraded ours to an A5 ring binder with alphabetical dividers. One sheet per company/website/account.
There are technical fixes based on password management software but I like this approach as I am properly in control.

Andy just think if many of the passwords were the same or similar what a task you would have changing that lot. :twisted:

An if every password is different what a task you have when your computer goes AWOL or whatever.

 

[nev]

I dont think its a scam.
1. there is no link to phish you
2. they are saying if you use the same password elsewhere, you may wish to go there and change it, not go to them and change it, so there is nothing for them to gain.


for example if you were reg'd with your email [email protected] with password *^$££$^%$£"£%^'' and some one has that info they will go to the usual money sites (paypal, ebay amazon etc etc and try their luck logging in with that email and password

 

[devonwoody]

I have had a look through my password list and I cannot see I have any entries for Ubuntu, although I know I have had some dealings with it some time ago.

http://ubuntuforums.org/announce.html?p ... st10845479

 

[AndyT]

I upgraded ours to an A5 ring binder with alphabetical dividers. One sheet per company/website/account.
There are technical fixes based on password management software but I like this approach as I am properly in control.

Andy just think if many of the passwords were the same or similar what a task you would have changing that lot. :twisted:

An if every password is different what a task you have when your computer goes AWOL or whatever.

The point is that a paper list makes it feasible to have all passwords different - I certainly could not remember them all.
So if one password is compromised, I don't need to change the others. If I'd re-used passwords, then I would have work to do.

Needless to say, this is not the whole extent of our family's security precautions!

 

[WoodMangler]

This password breach would appear to be genuine, it's all over the computer press and blogs. Changing things as they suggest is a valid suggestion, I'll certainly be doing it.

 

[martinka]

I got the same email but haven't used the forums for years so my username and password are long forgotten.

Read what the hacker himself has to say about it, then change your password anyway just in case he's lying.
http://grahamcluley.com/2013/07/ubuntu-forums-passwords/

 

[whiskywill]

No mention of it on here.
http://www.hoax-slayer.com/

 

[Alex H]

I run a desktop with Ubuntu and am a forum member.

the english language forum currently has this header;

Ubuntu Forums is down for maintenance

There has been a security breach on the Ubuntu Forums. The Canonical IS team is working hard as we speak to restore normal operations. This page will be updated with progress reports.
What we know

Unfortunately the attackers have gotten every user's local username, password, and email address from the Ubuntu Forums database.
The passwords are not stored in plain text, they are stored as salted hashes. However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP.
Ubuntu One, Launchpad and other Ubuntu/Canonical services are NOT affected by the breach.

 

[DrPhill]

I upgraded ours to an A5 ring binder with alphabetical dividers. One sheet per company/website/account.
There are technical fixes based on password management software but I like this approach as I am properly in control.

Andy just think if many of the passwords were the same or similar what a task you would have changing that lot. :twisted:

An if every password is different what a task you have when your computer goes AWOL or whatever.

The point is that a paper list makes it feasible to have all passwords different - I certainly could not remember them all.
So if one password is compromised, I don't need to change the others. If I'd re-used passwords, then I would have work to do.

Needless to say, this is not the whole extent of our family's security precautions!

If you are using a Linux distro you can use something like encfs. This will create an OTFE (on the fly ecrypted) file system (which can of course be mounted anywhere like normal folders). I store my sensitive data in this encrypted folder hierarchy. In this sensitive data I have a file with my passwords. My home directory is also protected by my logon password.

The result is that once I have logged on (with password), a quick command at the command prompt (need to supply a password) will mount my encrypted data and it looks just like any other folder. So with my normal logon password, and my extra password I can protect all my passwords in one place. Of course, a backup is vital. A copy of the encrypted stuff is still encrypted, and thereforre protected.

On windoze there are various programs to store your passwords. I never trusted security on windoze though. Maybe things have changed by now.

 

[dm65]

As with anything like this, NEVER follow a link to update any details, always go direct to the website and do it from their links

If you don't have a password recorded, it may be worth using the 'forgot my password' link that is usually available so you know no personal details can be obtained

 

[Robbo3]

Andy your comments are valid, but I have been a computer user since 1998,( 15 years) can you imagine what a password book would look like with frequent changes of details, it could finish up the size of a dictionary!!!!!!!!!!!!!!!

Could I suggest an address book/telephone directory, the type with tabbed alphabetized pages. £1 shops often have them but if you can't find one, I have a spare that you can have.

It's what I use & I have well over 100 log on details & passwords. Makes them relatively easy & quick to find.

I also advise novice computer users with only a few passwords, which these days also includes users of tablets & mobile phones, to write them on a piece of paper & store it somewhere close at hand such as in a book or a CD case. Convenient but out of sight.

HTH

 

[devonwoody]

Den, these days it can be difficult getting to the correct url, google quite often lists many that are what I call pirates using similar urls to the correct address.

Any advice how to get the correct url when doing a search?

 

[dm65]

Den, these days it can be difficult getting to the correct url, google quite often lists many that are what I call pirates using similar urls to the correct address.

Any advice how to get the correct url when doing a search?

I would always try the obvious first - in this case, ubuntu.com

I did try this and went to the forum page where they are describing a security breach (http://ubuntuforums.org/announce.html)

As for how best to search, search engines return so much, with paid advertising listed first, that it can be difficult to choose which link to follow but I always look for part of the company name in the url as the company will have usually registered their name as a domain

If you find such a link, use it and then go to the homepage where you can then look for what you want on their own site

Having said that, there is no guarantee that this is ALWAYS the case (and I can think of a couple of bits of software we use regularly that fall outside of this)

Fortunately, we have bookmarks in our browsers so, having spent some time finding the correct address, we can now save it for the future

 

[PeterBassett]

Not sure if anyone else has said, but this is not a scam. The forum was hacked and they have been breached. Change your passwords on other sites if you use the same one in multiple places.

Pete