Home > Internet > OpenSUSE and SpreadFirefox Cracked OpenSUSE and SpreadFirefox Cracked Submitted by LogError 2005-10-04 Internet 35 Comments Schools are apparantly closed for 12 year olds this week, since two large websites got cracked. Earlier this week, the OpenSUSE website got cracked by political activists, and today, the SpreadFirefox website was the target (again). About The Author Thom Holwerda Follow me on Twitter @thomholwerda 35 Comments 2005-10-04 1:33 pm Should we be concerned about the security of the Firefox browser by a company that can’t seem to secure it’s own web sites? discuss… 2005-10-04 1:37 pm Thom Holwerda Should we be concerned about the security of the Firefox browser by a company that can’t seem to secure it’s own web sites? discuss… A metal worker at Ford cut his hand… Should we be concerned over Ford cars’ road safety? 2005-10-04 3:15 pm A metal worker at Ford cut his hand… Should we be concerned over Ford cars’ road safety? Well if he cut it opening a completed car’s door then I’d be concerned. There is other technology to reduce and meet our energy needs. Fossil or nuclear are all we have. The environmentalists could cover the world with wind farms, fill the sea with hydro platforms, drill any left over gaps of land for geo-thermal and STILL there wouldn’t be enough reliable power for current demands let alone future demands. Since burning fossil fuels is considered “bad” (Something I agree with) fission or (Please god) fusion power is the future. I still don’t understand why there isn’t far greater international funding for fusion research. 2005-10-04 2:16 pm dylansmrjones No of course not! The exploit was in TWiki and not in the Mozilla software, as could be read. But you didn’t follow the links, did you? The developers are concentrating on the software and not the website (pretty common for most projects – even proprietary projects). 2005-10-04 3:17 pm “The exploit was in TWiki and not in the Mozilla software, as could be read. ” Maybe we all should be discussing the security of perl based Wikis? 2005-10-04 2:17 pm Mr Troll, go and do troll somewhere else. Your comment is very very stupid. Grow up, please! 2005-10-04 2:47 pm I think he asked a fair question. At least, it’s the question someone is bound to ask. It’s an obvious question. He asked it in a neutral way which allowed people to quickly answer “no”. I mean, it’s not like he came on and said, “SEE?! Open source sucks. It’s not more secure!” He asked, should we be concerned. People answered, no. What’s wrong with that? 2005-10-05 2:18 am ChiliJ I agree. The poster might be ignorant, but doesn’t seem to be aiming to troll. 2005-10-04 4:40 pm “discuss…” You are an idiot. The discussion has now ended. 2005-10-04 1:36 pm is the opensuse link suppose to point to spreadfirefox.com?? as for the topic, i think their coders are spending a lot more time on the browsers and other software, and neglecting the website… this is common of a lot of OSS groups actually. 2005-10-04 2:21 pm How about focusing on the speculation that some code in suse repository may have been poisoned? I think the public that is looking for news-about-OSes don’t give a damn about some random script kiddies fun –gabriel 2005-10-04 2:25 pm StephenBeDoper nm 2005-10-04 2:43 pm Well it is IRAN’s right to develop nuclear power. THe US/British alliance wants then to buy it all from us. That’s what it’s all about. I’d prefer them not to deface SUSE’s website, since I kinda like the distro. But, they are right. 2005-10-04 4:24 pm BryanFeeney Actually no, Europe was offering to fuel and co-operation in other civilian nuclear technologies, as well as improved trade, political and security ties to Iran. What they, and the rest of the world, balked at was Iran’s insistence on using technologies such as uranium enrichment, and plutonium generation plants; which are more useful for creating nuclear weapons than actually generating power. The enormous cost of developing such technologies fail make economic sense if Iran’s intentions are exclusively peaceful. A lot of countries happily manage to generate power without them. The fact is all this concern hasn’t come out of nowhere : Iran has a history of non-compliance and deceit when it comes to the development of nuclear weapons. It also makes regular threats to other countries, claiming to have the ability to “rain fire on Zion” for example. And while Israel has definitely breached the NPT, most countries feel it is far too bothered with it’s own domestic concerns to launch an attack on a neighbouring country. These are some good articles on the subject: http://www.economist.com/displayStory.cfm?story_id=4129003 http://www.economist.com/displayStory.cfm?story_id=4300284 2005-10-04 4:42 pm eMagius And while Israel has definitely breached the NPT, most countries feel it is far too bothered with it’s own domestic concerns to launch an attack on a neighbouring country. Much like Germany was too bothered with its domestic concerns to launch an attack on a neighboring country in the late 1930s, right? 2005-10-04 2:55 pm lasermike026 No country, including the United States, needs nuclear power. There is other technology to reduce and meet our energy needs. Electricity is good. Potentially irradiating 1/4 of the united states by nuclear accidents is not good. I don’t know how I can make it any more clear. 2005-10-04 3:38 pm Ben2040 “Potentially irradiating 1/4 of the united states by nuclear accidents” Well considering nuclear power is one fo the safest/cleanest/most reliable/highest output power sources around I think that may be an overstatement… 2005-10-04 4:40 pm BryanFeeney Do you know that coal powered stations tend to emit more radiation that nuclear powered stations? The reason is coal tends to contain trace amounts of radioactive materials such as uranium and thorium, which get caught up in the smoke when it’s burned and thus enter the local atmosphere. This happens because coal-plants were built by people to whom the radiation risk simply didn’t occur. Nuclear plants, on the other hand, were built and designed by people who were paranoid about the radiation risk. They emit pretty much no radiation. There are a handful of exceptions here (Sellafield in the UK springs to mind, which has covered up leaks from both the public and the UK government), but by and large they’re fine. This illustrates why, by and large, people are useless at evaluating risk. Bruch Schneider talked about this in his book “Beyond Fear”. He used the example of sharks and pigs. Most people, if asked, would say they were more afraid of shark attacks, however it turns out that pigs are responsible for more deaths every year All countries will probably have to turn to nuclear energy in the future. There has been little success with nuclear fusion, fossil fuels are running low (though high oil prices make some more esoteric sources, such as tar-pits, feasible), dams are controversial and natural sources like wind and light can’t be relied upon for a constant, uninterrupted supply. The real problem with nuclear energy is that it’s enormously expensive, both in terms of initial capital costs, and the costs of safely dealing with radioactive waste over the long term  http://www.ornl.gov/info/ornlreview/rev26-34/text/colmain.html  http://www.pbs.org/wgbh/pages/frontline/shows/reaction/interact/fac…  http://www.itconversations.com/shows/detail119.html 2005-10-04 3:48 pm i have to say, slightly off topic, no-one has offered a credible reason they can’t have such technology if we can. hostile use? well lets keep in mind who actually *has* used it in hostility. 2005-10-04 4:07 pm Smartpatrol i have to say, slightly off topic, no-one has offered a credible reason they can’t have such technology if we can. hostile use? well lets keep in mind who actually *has* used it in hostility. The argument isn’t about whether or not they can have it but whether or not they are ready for the responsibility. You may ask who are we to decide who get nukes and who doesn’t we are the people that have to deal with the mess after a country like Iran nukes Israel, Europe or some other western nation because they think the west is the “Great Satan”. Not to mention that they made it clear that they do not want to participate on equal footing in modern civilization. They also have been offered light water reactors to generate power (which are harder to use for enriching Uranium) which Iran declined. So it’s obvious what their intentions are to develop nuclear weapons. True the US did use nuclear weapons in war time. That one action while initially destroying many lives saved many millions more over the years especially during the cold war. With the simple understanding that the US will use its nuclear deterrence if forced to. Either way I would guess that these hackers are Government funded based on the amount of censorship of the web that goes on in Iran and the blatantly specific reference to Nuclear Power(something I would guess the average Iranian gives two shits about). 2005-10-04 4:58 pm Thom, your “witty joke” is nothing but an insensitive jab at people who had nothing to do with this vandalism. Perhaps you should find something better to do with your time, because your persistent negative presence on this board is driving people like myself away. 2005-10-04 5:43 pm And how do we really know those hackers are really Iranian, and not some third party masquerading as Iranians? There are countries that would like to fight a war with Iran right now, so its possible that some third party is trying to give that country a bad name. On the subject of Nuclear power: the world only has so much supply of coal. Electricity generation through nuclear fission is necessary and inevitable for EVERY COUNTRY in the long run. Besides, you can only hide scientfic knowledge for so long. On the subject of war: How are Bush and Cheney more responsible than the Ayotallahs? Bush believes PRE-EMPTIVE nuclear strikes. His strongest base are amidst conservative fundamentalist christians. He claimed, in public, that God asked him to Strike Alfghanistan, and then Iraq. Even as we speak, the US is actively manufacturing new types of nukes. The only way for a country to avoid a random strike from the US is for it to have significant amounts of nuclear bombs. Iraq is a good example of what happens to countries who refuse to build nuclear bombs. US/Isreali attack on Iran is inevitable in the long. Sorry folks, but the only way for Iran to stop this is to build a sizeable nuclear arsenal. 2005-10-04 6:39 pm Smartpatrol The only way for a country to avoid a random strike from the US is for it to have significant amounts of nuclear bombs. Iraq is a good example of what happens to countries who refuse to build nuclear bombs. US/Isreali attack on Iran is inevitable in the long. Sorry folks, but the only way for Iran to stop this is to build a sizeable nuclear arsenal. Your kidding right? do you think for one second Israel will allow Iran to posses a single nuclear device let a lone an arsenal?. The US has never been careless with its nuclear weapons. We have stateted that we will not rule out any options in certain engagements however they are extreme scenerios in the least. Iran has little to worry about from the US. It is true that there is no way of knowing who actually defaced the sites Iranian or otherwise. But hackers like to brag. 2005-10-04 6:03 pm Vonskippy Aren’t there moderators on this forum anymore? How about deleting all the political bullshit and keep the posts on topic???? 2005-10-04 6:44 pm Ressev It would be nice, wouldn’t it? There are to many of them to vote them all down, unfortunalty. Who is this Thom character and how did he get to be a managing editor? I am not certain how Political Activist translates into 12 year old – I suppose it must be an inside joke? As for the topic: Sounds like TWiki needs a good going over. Nothing about the defacing of the site itself relates to Suse or Firefox. It just reflects badly on administrative decisions for both of those sites and the vulnerability of TWiki. 2005-10-04 6:10 pm maceto What flaw the exploited? Unpatched? or just Suse/Novell don`t have the same security as Redhat? get back from you political debating and start the real stuff! 2005-10-04 9:48 pm cm__ Here’s the related posting to firstname.lastname@example.org: http://lists.suse.com/archive/suse-security-announce/2005-Oct/0001…. 2005-10-05 12:06 am rm6990 What flaw the exploited? Unpatched? or just Suse/Novell don`t have the same security as Redhat? get back from you political debating and start the real stuff! Reading the article could enlighten you as to what was exploited. Is that too much to ask? Do you have to be fed too? 2005-10-04 7:24 pm I thought this was about compromise of servers not weapons… my bad ;0 One would assume that opensuse.org is running on suse Without looking it up, safe guess. What I wonder is if they were running SELinux if that would have stopped some of this. jlc 2005-10-04 7:33 pm Open source fantatics and Muslim fanatics are natural allies, so I don’t understand how this could have happened. 2005-10-04 8:28 pm It’s been a long time since I last saw such pointless and misguided hacktivism. These kids didn’t even bother to figure out what the target audience would be for defacements such as this. OpenSuSE and SpreadFirefox are tech websites for crying out loud! Within our communities, do most of us even know anything about the nuclear situation in Iran (judging from the posts so far, not much – many of you just think you do)? Do any of us have political influence in such areas? Or better yet – Can we even vote on such things? No, no and NO. Not even the big IT corporations (IBM, Microsoft, Novell, Sun..) have influence when it comes to nuclear politics. At most, our communities care about open source and free software – that’s about as political as we get. I for one couldn’t care less about their “message” and even if I did the last person I’d listen to would be some kid defacing one of our community websites. Let’s face it – it’s an immature act and maturity is most definetly a must-have requirement when it comes to nuclear technology. Within short the websites will be back online and this will be nothing but a distant (albeit perhaps irritating) memory. Pointless. If you kids were trying to find a purpose in life – try a different avenue, you clearly screwed this one up. 2005-10-04 8:29 pm “It would be nice, wouldn’t it? There are to many of them to vote them all down, unfortunalty.” Why is the political talk not relevant? The topic is of a political message put on various sites by a group of hackers. The posters are on topic. Politics is, unless this a joke by a group of Western kids, at the very heart of this subject and so should be fair game for discussion. 2005-10-05 1:58 am Celerate SUSE isn’t responsible for the US stance on Iran and nuclear power, defacing the OpenSUSE site in my opinion is no different than any web-site defacement. If they wanted to send a message then why not do it through moral and legal means, I think the “political activism” part was just to draw publicity to their deed. If this was really to spread a political message, and they were dumb enough to think defacing a site to spread it wouldn’t destroy their publicity, then why not deface a site that gets much more traffic. 2005-10-05 3:13 am A few facts. Don’t post anything unless you anknowledge these facts. 1) SpreadFirefox.com has *NOTHING* to do with Mozilla Foundation 2) There was no security hole in Linux or Apache 3) There was no security hole in any Mozilla.org software 4) Mozilla.org does not produce SpreadFirefox.com 5) Site was hacked because of an unpatched badly coded (perl) Wiki script. Check: [ ] I Understand the reason of hacking [ ] I don’t? (Leave the site and don’t comment anything stupid) 2005-10-05 3:46 am Open source fantatics and Muslim fanatics are natural allies, so I don’t understand how this could have happened.