CaféLinux.org Forum
Topic: Security Notice (Read 1262 times)
Jacob
« on: April 18, 2008, 11:24:11 am »

At approximately 10 AM EST today (April 18), a malicious user uploaded an image to OptickleArt. This image really was not an image at all, but rather a PHP script with a different extension. The script injected code into many pages on CafeLinux.org, and as a result users were unable to log in to many areas of the site.

If a login was attempted twice, then the page would have a hidden block linked to a malicious site. What the site did is unknown, but in security situations it is best to look at the worst possibilities.

Because the attack merely injected an embedded frame into pages, the only thing that could have been sent to the site was cookie data. If you had at least Firefox 2, the page would not have even loaded due to phishing protection. If the page did load, the only way for CafeLinux cookie data to be sent would be an exploit of an old browser. And finally, if somehow your CafeLinux cookie data was sent to the site, it was just session information. No passwords are stored in cookies.

However, if you logged in at all on or around April 18th before this message, I highly advise you to change your password, since you never know if something else happened with the exploit. No accounts, data, or passwords were taken from the site or its databases.

Until we are able to fix the problem, OptickleArt will remain offline. I apologize if this means you cannot get to your images, but we need to do a full run-down of the site. I have performed a full security audit of all other areas of the site, and have removed all of the malicious code by reverse-engineering the exploit. From this point on, it is safe to access all areas of CafeLinux.org.

Full details will be posted to CafeLinux team members. If anyone has any questions, I am "jacob" in ##cafelinux on irc.freenode.net. I can also be reached via email at jpeddicord at ubuntu dot com.
« Last Edit: April 18, 2008, 11:40:56 am by Jacob »
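
Added example, not part of the original post and not CafeLinux's own code: a sketch of an upload-directory audit for the case the notice describes, a file with an image extension whose content is really a PHP script. The file names, sample contents and the allow-list of image types are constructed assumptions.

```python
import os
import tempfile

# Leading "magic" bytes of the image types a gallery would normally accept (assumed list).
IMAGE_MAGIC = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}
PHP_OPEN_TAG = b"<?php"  # presence means the file is script text if the server ever runs it

def audit_upload(path):
    """Return the findings for one uploaded file; an empty list means nothing was flagged."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        data = fh.read()
    findings = []
    if ext not in IMAGE_MAGIC:
        findings.append("extension not on image allow-list")
    elif not data.startswith(IMAGE_MAGIC[ext]):
        findings.append("content does not match extension")
    if PHP_OPEN_TAG in data.lower():
        findings.append("contains PHP open tag")
    return findings

def audit_directory(root):
    """Walk an upload directory and map each flagged relative path to its findings."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            findings = audit_upload(full)
            if findings:
                report[os.path.relpath(full, root)] = findings
    return report

def build_sample_dir():
    """Create constructed sample uploads with inert contents and return the directory."""
    root = tempfile.mkdtemp(prefix="uploads-")
    samples = {
        "photo.gif": b"GIF89a" + b"\x00" * 16,               # genuine GIF header
        "banner.jpg": b"<?php /* constructed, inert */ ?>",   # script saved as .jpg
        "avatar.gif": b"GIF89a<?php /* constructed, inert */ ?>",  # header plus tag
    }
    for name, body in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    print(audit_directory(build_sample_dir()))
```

A check like this only flags candidates for review; serving the upload directory with script execution disabled is what keeps a mislabelled file from running.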
RaV TuX
« Reply #1 on: April 18, 2008, 11:40:26 am »

Jacob, This is incredible work that you have done. The exploit is troublesome and I am glad to hear that you are working on the security of CafeLinux.org.

Jacob, Thank You.

If and when the Optickle Art website comes back up we need to adopt tougher security measures. New users are already approved by Admin only; perhaps we can work on further security measures, but at this point I am not sure what. Jacob, I will defer to your advice on this, and I am very glad and truly appreciate that you are on the CafeLinux.org team.

Jozef (AKA Big Sky, RAV TUX, and many other things)

« Last Edit: April 18, 2008, 01:38:09 pm by Big Sky »
Rui Pais
« Reply #2 on: April 18, 2008, 06:13:05 pm »

Yes, absolutely amazingly done!!!

Your work is priceless.
All Cafelinux is lucky to have you with us!

Thank you so much, Jacob.

Rui
 
« Last Edit: April 18, 2008, 06:31:35 pm by Rui Pais »
Aubrey
« Reply #3 on: April 18, 2008, 07:22:53 pm »

Above thanks +1

Excellent detective work!
