Bonum Certa Men Certa

OpenSUSE's (or SUSE's) Refusal to Publicly Acknowledge It Got Cracked Shows Face-Saving Arrogance Just Like Novell's

SUSE (or MicroFocus) won't even tell customers when its systems are in fact compromised

Novell cuffs



Summary: The same old and notorious behaviour we documented at Novell persists at SUSE under MicroFocus leadership; security is neglected and keeping up appearances matters more than honesty

TECHRIGHTS wrote many thousands of articles about Novell. We know Novell extremely well and we have documented its terrible behaviour for over half a decade, well before we began focusing on the EPO for example. As we shall show later, in a separate post, Microsoft's and Novell's "IP Peace of Mind" is making a comeback (as of last night), but right now we wish to focus on the crack I first wrote about on Monday (it has since then generated some press coverage, e.g. [1-3] below).



A lot of people still miss the key point. IDG went ahead with a rather misleading headline, as did Softpedia; rather than state the actual news (that openSUSE got cracked), the headlines lead with SUSE's 'damage control', diverting attention to what was not affected rather than what was affected (a politician's trick). We saw a lot of that kind of spin back in the Novell days, and the first two articles below, having sought comment from SUSE, give SUSE the benefit of the doubt. Remember that no evidence has been presented by SUSE, and the gross negligence here is a bad sign in general. That is "faith-based" security. My article about it was so short that it was mostly a screenshot, yet we understand that further coverage is on its way. So let's elaborate a little. "They were using an outdated version of WordPress and got zapped," one person wrote to me after I had published my findings. "It was just the front-end, no code was touched." But says who? SUSE? Can we believe them?
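The "outdated version of WordPress" claim is the kind of thing a reader can check rather than take on faith, because a stock WordPress install advertises its core version in the page it serves. The script below is an added example written for this article; it is not code from SUSE, openSUSE or the WordPress project. The HTML it inspects is constructed here and is not a capture of news.opensuse.org, and the reference version passed to it is an assumption the reader should replace with the current release from the WordPress release archive at the time of the check.

```python
"""Fingerprint the WordPress core version a page advertises and compare it
with a reference release.

Added example for this article, not SUSE/openSUSE code. CONSTRUCTED_PAGE is
made up for the example; it is not a capture of news.opensuse.org. The
reference version is an assumption the caller supplies.
"""
import re
from collections import Counter
from typing import Optional

# Stock WordPress emits <meta name="generator" content="WordPress X.Y.Z" />.
# Attribute order is assumed to be name-then-content, as WordPress writes it.
GENERATOR_RE = re.compile(
    r'<meta\s+name=["\']generator["\']\s+content=["\']WordPress\s+([0-9][0-9.]*)["\']',
    re.IGNORECASE,
)

# Core-enqueued assets carry ?ver=<core version>. Only /wp-includes/ and
# /wp-admin/ paths are considered; anything under /wp-content/ belongs to a
# theme or plugin and carries that component's version, not core's.
CORE_ASSET_RE = re.compile(
    r'/wp-(?:includes|admin)/[^"\'\s>]*?\?ver=([0-9][0-9.]*)',
    re.IGNORECASE,
)

# Constructed sample page (not a real capture of any site).
CONSTRUCTED_PAGE = """<!DOCTYPE html>
<html><head>
<meta name="generator" content="WordPress 4.6.1" />
<link rel="stylesheet" href="/wp-content/themes/example/style.css?ver=2.3" />
<script src="/wp-includes/js/jquery/jquery.js?ver=1.12.4"></script>
<script src="/wp-includes/js/wp-emoji-release.min.js?ver=4.6.1"></script>
<script src="/wp-includes/js/wp-embed.min.js?ver=4.6.1"></script>
</head><body><h1>News</h1></body></html>
"""


def parse_version(v: str) -> tuple:
    """'4.6.1' -> (4, 6, 1) so that versions compare numerically, not as strings."""
    return tuple(int(part) for part in v.strip(".").split("."))


def extract_wp_version(html: str) -> Optional[str]:
    """Return the WordPress core version the page advertises, or None.

    The generator tag is authoritative when present. Otherwise fall back to the
    ?ver= strings on core assets; bundled libraries such as jQuery are enqueued
    with their own version, so take the value most core assets agree on rather
    than the first hit.
    """
    m = GENERATOR_RE.search(html)
    if m:
        return m.group(1)
    versions = CORE_ASSET_RE.findall(html)
    if not versions:
        return None
    return Counter(versions).most_common(1)[0][0]


def is_outdated(found: str, reference: str) -> bool:
    """True when the advertised version is strictly older than the reference."""
    return parse_version(found) < parse_version(reference)


def assess(html: str, reference: str) -> dict:
    """Summarise what the page tells us. 'fingerprintable' False means the
    version is unknown, not that the site is patched."""
    found = extract_wp_version(html)
    return {
        "advertised_version": found,
        "reference_version": reference,
        "fingerprintable": found is not None,
        "outdated": found is not None and is_outdated(found, reference),
    }


if __name__ == "__main__":
    # Reference version is an assumption; replace with the current release.
    print(assess(CONSTRUCTED_PAGE, "4.7.2"))
```

Two caveats a practitioner should keep in mind. First, a site can strip the generator tag and the version query strings, so a page that yields no version is simply unknown, not proven current. Second, the advertised version is whatever the page served at the moment it was captured; to test the "outdated WordPress" explanation for this incident one would have to run the check against an archived copy of the site from before the defacement, not against the restored site.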

Whatever caused the defacement, it shows that they lost control of their platform. They did get cracked. Softpedia reported that "openSUSE devs immediately restored the news.opensuse.org website from a recent backup", which suggests the damage went beyond the displayed page; SUSE has not said how deep it went.

Nobody has yet covered that issue as properly as we hoped (poor security practices at SUSE), and the fact that they COMPLETELY FAILED or refused to publicly acknowledge what had happened is a serious aspect of it. We waited patiently to see whether an announcement would be made, even a reassurance that users need not worry. Nothing has come out, half a week later. They attempted to cover it up, which is BAD BAD BAD. For a so-called "Enterprise-Grade" company, which is how SUSE markets itself (selling SLE*), this is a serious breach of trust. Who would trust SUSE now?

Three news sites and my own site wrote about it, but not a single word has been uttered by SUSE. They know they got cracked and they are not telling anyone, except when journalists ask them for comment (and press them with evidence).

openSUSE's web properties have a history of security incidents (see "openSUSE Forum Hacked; 79500 Users Data Compromised" from 2014). Where are the reporters who are willing to ask SUSE some tough questions? Don't let this slide. If someone injected a back door inside SLED and SLES, SUSE would probably say not a thing, only belatedly removing it and then lying about the whole thing, just like Microsoft does.

In the news:



  1. Kurdish Hacker Posts Anti-ISIS Message on openSUSE's Website, Data Remains Safe
    Softpedia was informed by Dr. Roy Schestowitz that the openSUSE News (news.opensuse.org) website got defaced by Kurdish hacker MuhmadEmad on the day of February 6, 2017.

    It would appear that the server where the news.opensuse.org website is hosted is isolated from the rest of openSUSE's infrastructure, which means that the hacker did not have access to any contributor data, such as email and passwords, nor to the ISO images of the openSUSE Linux operating system.

    We already talked with openSUSE Chairman Richard Brown, who confirms for Softpedia that the offered openSUSE downloads remain safe and consistent, and users should not worry about anything. The vigilant openSUSE devs immediately restored the news.opensuse.org website from a recent backup, so everything is operating normally at this time.


  2. OpenSUSE site hacked; quickly restored
    The openSUSE team acted quickly to restore the site. When I talked to Richard Brown, openSUSE chairman, he said that “the server that hosts ‘news.opensuse.org’ is isolated from the majority of openSUSE infrastructure by design, so there was no breach of any other part of openSUSE's infrastructure, especially our build, test and download systems. Our offered downloads remain safe and consistent and there was no breach of any openSUSE contributor data.”

    The team is still investigating the reason for the breach so I don’t have much information. The site ran a WordPress install and it seems that WordPress was compromised.

    This site is not managed by the SUSE or openSUSE team. It is handled by the IT team of MicroFocus. However, Brown said that SUSE management certainly doesn’t want any such incident to happen again and they are considering moving the site to the infrastructure managed by SUSE and openSUSE team.


  3. Best Distros, openSUSE Whoops, Debian 9 One Step Closer
    In the latest Linux news, the news.opensuse.org got hacked and displayed "KurDish HaCk3rS WaS Here" for a while Monday and while the site has been restored, no comment on the hack has been issued. Elsewhere, Debian 9.0 has entered its final freeze in the last steps in preparations for release. FOSS Force has named their winner for top distro of 2016 and Swapnil Bhartiya shared his picks for the best for 2017. Blogger DarkDuck said MX-16 Xfce is "very close to the ideal" and Alwan Rosyidi found Solus OS is giving Elementary OS a run for its money. Phoronix.com's Michael Larabel explained why he uses Fedora and Jeremy Garcia announced the winners of the 2016 LinuxQuestions.org Members Choice Awards.

    [...]

    openSUSE's news portal was compromised Monday by a hacker or group of hackers called MuhmadEmad, via the message left in its place. A Kurdish flag with the message "HaCkeD by MuhmadEmad - KurDish HaCk3rS WaS Here" was displayed for hours before it was taken down and the site's content restored. Roy Schestowitz has a screen capture and said that openSUSE has not yet publicly acknowledged the hack. Swapnil Bhartiya spoke to Richard Brown, openSUSE chairman, who said that site was isolated from most SUSE infrastructure, especially the distribution code. There was no breach of any contributor data either. The site in question is run by MicroFocus, but all are investigating to make sure it's an isolated incident.

