vb.org Archive - Important: It is all about trust

Page 17 of 24

« First

Last »

Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- News and Announcements (https://vborg.vbsupport.ru/forumdisplay.php?f=2)

- - Important: It is all about trust (https://vborg.vbsupport.ru/showthread.php?t=115640)

JohnBee

05-22-2006 02:47 AM

Quote:

Originally Posted by Paul M

There are/were no "backdoors", perhaps you should re-read the original message.

Really...?

Quote:

The reason for this thread is that, to our own shame, we received recently reports that there are coders who do incorporate hidden functionalities in their modifications. Lucky the type of hidden functions could be considered as relative harmless, but we will nevertheless not tolerate this. I would like to emphasize that this did not sent any security or privacy related information, nor did it in anyway brake the security of your site.

DementedMindz

05-22-2006 02:48 AM

wow is all i can say from readin this thread... i known of one that had it but it was removed right away and fixed... but i think things are getting a lil crazy around here anymore... and its time for the staff to take actions against these people... i think it would be wise to post the coders that have done it... this way it lets them know it wont be tolerated and has been noticed.... i guess its time to watch out what im installin and look over the code first... ashame that it now comes to this.... just one more hurdle this week for vb.org

Paul M

05-22-2006 02:56 AM

Quote:

Originally Posted by JohnBee

Really...?

Yes, really.

Roms	05-22-2006 03:00 AM

^^ These are the same type of people that sign important contracts without ever reading them... :p

Shaliza

05-22-2006 03:32 AM

I guess at this point, the only way to find out which hacks have the "install" code is to look through it yourself. And I'd still like an answer as to why this wasn't in the readme files? Why does that keep getting overlooked?

Boofo

05-22-2006 03:38 AM

The issue has been dealt with and plans or in the works to make sure this never happens again. As was said in this thread, it was a small non-intrusive item but we are working to avoid ANY such instances in the future.

Guest190829

05-22-2006 03:49 AM

There seems to be some confusion at the extent of what has happened.

The issues that have been made public, are completely harmless. They are not backdoors into your forum. They will not break your forum.

The issue here is that some coders implemented a way to automatically click "Install" on vb.org whenever a product/plug-in was uploaded. The reason why we've decided to let users know about this, is because most of the time this happens with out the Admin's consent.

The "backdoor" involved here was with www.vbulletin.org, not your forum. External GET requests we're not being checked, which allowed certain authors to do this, but we now have blocked anything like this.

Your forum was never in jeopardy. Marco has bolded various statements in his post that further clarify this statement. We will not give out the names of the coders who did this, because it is not needed.

This new policy was put in place because we became aware that some products/plugins had unethical (not to be mistaken with HARMFUL) code in them, and the staff felt that any unethical code should not be tolerated.

Harmful code was never (and never will be) tolerated on vbulletin.org.

Logikos

05-22-2006 05:12 AM

Nicely said Danny. :)

kall	05-22-2006 05:21 AM

Nothing here is 'verified' as such. The only person/people you could POSSIBLY have a claim against would be Hacks posted by vBulletin staff, and even then..it is up to you, the end-user, to determine whether these hacks are "unsafe".

Really, anyone who installs 3rd-party modifications on their site without verifying the integrity of the code is asking for trouble.

FYI: I probably have some of these hacks installed. I care very little. I click INSTALL on everything I install, both to show respect to the author and to keep track of the hacks I have installed.

I don't install hacks provided by.. well, lets just say I only install hacks written by people I trust. I developed that trust by following threads here and working out who was an honourable person.

Boofo

05-22-2006 05:28 AM

Quote:

Originally Posted by kall

I don't install hacks provided by.. well, lets just say I only install hacks written by people I trust. I developed that trust by following threads here and working out who was an honourable person.

That explains why my install count is always down by one. I thought we... I need a minute here to collect myself, I'm sorry... :(

All times are GMT. The time now is 12:04 PM.

Page 17 of 24

« First

Last »

Show 40 post(s) from this thread on one page

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01388 seconds Memory Usage 1,741KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (4)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (4)pagenav_pagelink (1)pagenav_pagelinkrel (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: