Canonical downplays Ubuntu hacks

Ubuntu safe, despite hacks

Canonical, the commercial sponsor of the Ubuntu Linux, has said that compromises of most of its local community servers last week did not reflect on the distribution's security or enterprise-readiness.

The company said such criticisms were wide off the mark, since the affected servers were running old, unpatched versions of Ubuntu as well as a number of insecure web applications.

The compromises affected five of the eight Local Community (LoCo) hosting servers, which are sponsored by Canonical for the use of local-area Ubuntu developer communities but hosted outside the company.

Canonical was at pains to point out that the servers did not host downloadable software, but mainly news pages, blogs and localized documentation.

The problem came down to the fact that responsibility for the security of the machines didn't clearly belong to either Canonical or the communities using the servers. The systems were all located outside Canonical's own data center.

The problem first came to light on Monday evening, when Canonical received reports that one of the LoCo servers had been compromised, and an investigation found four more of the servers had been hacked.

"Since it was reported that they were actively attacking other machines... the decision was taken to shut the machines down," said James Troup, head of Canonical's system administration team, in a report on the breaches which was published on Ubuntu newslists.

The systems could have been breached in several ways, Troup said, since they were being accessed using FTP without SSL and were running more than a dozen web software packages, all of which were out-of-date and missing security patches.

What's more, the systems were running a version of Ubuntu Linux that is no longer receiving security updates from Canonical, meaning there was no way of fixing more recent security issues.

That's because more recent versions of the operating system failed to work with the servers' network hardware, Troup said.

"This probably allowed the attacker to gain root," Troup said.

The communities affected will have the choice -- of moving their servers into the Canonical data center, where they'll be kept up-to-date but will have stricter limits on how they're used, or sticking with outsourced servers but taking on the full responsibility for administration.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Matthew Broersma
Show Comments

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?