vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   News and Announcements (https://vborg.vbsupport.ru/forumdisplay.php?f=2)
-   -   Important: It is all about trust (https://vborg.vbsupport.ru/showthread.php?t=115640)

Logikos 05-22-2006 05:31 AM

* Logikos hands Boofo a tissue :(

kall 05-22-2006 05:35 AM

Quote:

Originally Posted by Boofo
That explains why my install count is always down by one. I thought we... I need a minute here to collect myself, I'm sorry... :(

Oh yeah, you gotta watch that Boofo guy.. I installed the /you code hack once, and found that my bank account was emptied, my rubbish bins overturned and my cat pregnant.

That was a doozy of a backdoor, that was. :)

Boofo 05-22-2006 05:36 AM

Quote:

Originally Posted by kall
Oh yeah, you gotta watch that Boofo guy.. I installed the /you code hack once, and found that my bank account was emptied, my rubbish bins overturned and my cat pregnant.

That was a doozy of a backdoor, that was. :)

Wait till you see my next version dubbed, the /kall code hack. You think your cat had problems...

DementedMindz 05-22-2006 05:38 AM

Quote:

Originally Posted by Boofo
Wait till you see my next version dubbed, the /kall code hack. You think your cat had problems...

:surprised: you better lock your dog up now ;)

wsdeluxe 05-22-2006 07:00 AM

Quote:

The issue here is that some coders implemented a way to automatically click "Install" on vb.org whenever a product/plug-in was uploaded.
Almost every plugin or product I have installed has done that... didn't realise it could be deemed a security threat.

kall 05-22-2006 09:11 AM

Oh man, when I read this in my email, I thought the post above mine was in response to post #172.

How I laughed. :D

peterska2 05-22-2006 09:24 AM

Quote:

Originally Posted by wsdeluxe
Almost every plugin or product I have installed has done that... didn't realise it could be deemed a security threat.

That is why the issue has now been raised, before it got to all of them.

A small number of coders were doing this, so the majority of releases never have had any issues relating to this.

Quote:

Originally Posted by kall
Oh man, when I read this in my email, I thought the post above mine was in response to post #172.

How I laughed. :D

That's just the sort of thing that I do. It makes a serious thread really funny. :D

FASherman 05-22-2006 11:15 AM

Quote:

Originally Posted by Boofo
The issue has been dealt with and plans are in the works to make sure this never happens again. As was said in this thread, it was a small non-intrusive item but we are working to avoid ANY such instances in the future.

How? Will all code that is submitted for download go through rigorous testing before being made available to the public? Anything short of that means nothing is being done about it.

You can put rules in place and a reporting procedure to notify of violations, but steps like that are meant to protect your legal exposure, not our vulnerability to exploitation.

What are you going to do?

Boofo 05-22-2006 11:19 AM

Quote:

Originally Posted by FASherman
How? Will all code that is submitted for download go through rigorous testing before being made available to the public? Anything short of that means nothing is being done about it.

You can put rules in place and a reporting procedure to notify of violations, but steps like that are meant to protect your legal exposure, not our vulnerability to exploitation.

What are you going to do?

Let's just say it will be avoided in the future. ;)

FASherman 05-22-2006 11:31 AM

Quote:

Originally Posted by Boofo
Let's just say it will be avoided in the future. ;)

That's not exactly comforting, nor is it sufficient. Let's review.

Some authors were inserting, albeit harmless, hidden function code in their programs.

Those functions went unnoticed for months. The staff here didn't find the problematic code for some time, even though it affected their own site.

This points out a glaring security hole in the methodology of this site. Anyone with malicious intent, having read this thread, now knows the best way to exploit VB websites: release code here with hidden functionality.

That's the issue that needs addressing. And you can't dismiss it with a promise that "something" that we don't get to hear about will be done.

VB.Org opened this can of worms by making it public. You've raised a security and business data protection issue, the highest concern in all of IT. Many forums being run support real business, not hobbyists. Your answers are insufficient for that population.

You must come forward, sooner rather than later, and explain how you will verify the integrity of the code available here.
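One way to do the kind of integrity check FASherman asks for, as an added example that is not part of this thread or of vb.org's own review process: a static audit of a vBulletin product XML that flags any plugin whose phpcode makes outbound requests or hides code behind decoders, so a reviewer looks at it before it is published. The product XML below is a constructed sample; the flagged function names, the example.invalid URL and the hook names are assumptions chosen for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Calls that let plugin code reach the network or run decoded code at runtime.
# A hit is not proof of anything; it marks the plugin for human review.
NETWORK_CALLS = ("fsockopen", "curl_init", "file_get_contents", "fopen(")
OBFUSCATION = ("base64_decode", "eval(", "gzinflate", "str_rot13")
REMOTE_URL = re.compile(r"https?://[^\s'\"]+", re.IGNORECASE)

def audit_product_xml(xml_text):
    """Return one finding per plugin whose phpcode calls out or hides code."""
    root = ET.fromstring(xml_text)
    findings = []
    for plugin in root.iter("plugin"):
        code = plugin.findtext("phpcode", default="") or ""
        reasons = []
        calls = [c for c in NETWORK_CALLS if c in code]
        if calls:
            reasons.append("network call: " + ", ".join(calls))
        urls = REMOTE_URL.findall(code)
        if urls:
            reasons.append("remote URL: " + ", ".join(urls))
        hidden = [o for o in OBFUSCATION if o in code]
        if hidden:
            reasons.append("obfuscation: " + ", ".join(hidden))
        if reasons:
            findings.append({"plugin": plugin.findtext("title", default="?"),
                             "hook": plugin.findtext("hookname", default="?"),
                             "reasons": reasons})
    return findings

# Constructed sample product: one honest plugin, one that quietly phones home.
SAMPLE_PRODUCT_XML = """<product productid="demo_hack" active="1">
  <title>Demo Hack</title>
  <plugins>
    <plugin active="1" executionorder="5">
      <title>Add footer note</title>
      <hookname>global_start</hookname>
      <phpcode><![CDATA[$footer_note = 'Running Demo Hack 1.0';]]></phpcode>
    </plugin>
    <plugin active="1" executionorder="5">
      <title>Cache warmup</title>
      <hookname>admin_global</hookname>
      <phpcode><![CDATA[@file_get_contents('http://example.invalid/install.php?id=demo_hack');]]></phpcode>
    </plugin>
  </plugins>
</product>"""

if __name__ == "__main__":
    print(audit_product_xml(SAMPLE_PRODUCT_XML))
```

The audit is a triage filter, not a verdict: a plugin can still call out through means the patterns miss, so a clean result only means the reviewer's attention can go elsewhere first.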

