vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB4 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=251)
-   -   Why did YAAS get quarentined? (https://vborg.vbsupport.ru/showthread.php?t=242634)

GrossKopf 05-16-2010 12:50 PM
Why did YAAS get quarentined?
 
I just got an email that Yet Another Awards System mod (https://vborg.vbsupport.ru/showthread.php?t=232684) was "quarentined". Why is that? I checked and didn't see anything in the thread about it.

vijayninel 05-16-2010 12:58 PM
CypherSTL would be the best person to answer that. Perhaps its due to a security flaw found in the mod.

we_are_borg 05-16-2010 01:29 PM
Well would be lovely when a websites does something like this they give a reason why now we no shit and don't know whats wrong. It can be a couple of problems and we don't now the severity of it.

Next time if vb.org does this say in the email at least what for.

GrossKopf 05-16-2010 01:33 PM
Quote:
Originally Posted by we_are_borg (Post 2037904)
Well would be lovely when a websites does something like this they give a reason why now we no shit and don't know whats wrong. It can be a couple of problems and we don't now the severity of it.

Next time if vb.org does this say in the email at least what for.
...or post the reason in the thread... I thought maybe the author disappeared, or there was a major problem with it, but I browsed the last couple pages and didn't see anything.

trackpads 05-16-2010 02:18 PM
They are probably not telling because it would give a hacker a heads up on how to exploit the security issue with the hack. I am sure it will be fixed, it is a fantastic mod and the author is good.

I would like to know if it was with the recent update, I didn't apply it so I am assuming the previous version is safe.

-Jason

GrossKopf 05-16-2010 02:28 PM
Quote:
Originally Posted by trackpads (Post 2037927)
They are probably not telling because it would give a hacker a heads up on how to exploit the security issue with the hack. I am sure it will be fixed, it is a fantastic mod and the author is good.

I would like to know if it was with the recent update, I didn't apply it so I am assuming the previous version is safe.

-Jason
Even if they just said THAT, it would be fine.. I believe I'm also using an older version. I haven't been updating anything on my forums lately.

we_are_borg 05-16-2010 07:33 PM
Quote:
Originally Posted by GrossKopf (Post 2037908)
...or post the reason in the thread... I thought maybe the author disappeared, or there was a major problem with it, but I browsed the last couple pages and didn't see anything.
Security by obscurity is not security, if there is something wrong most properly the hackers will know this long before us.

trackpads 05-16-2010 07:46 PM
Quote:
Security by obscurity is not security
Its nice that the phrase rhymes but it is not even a maority of cases. Obscurity is a basic security principle. Everything from NAT to direct obfuscation of internal networks and more. Even basic encryption and obfuscation on your home network is recommended, while it wouldn't survive true attacks it does in fact keep most folks legal.

In this case it was probably noticed by the coder himeself or another. If a hacker had done anything to get noticed over this I am sure we would have heard about it on the site or from the affected site owner.

-Jason

Paul M 05-16-2010 10:16 PM
A security flaw was reported, and the mod quarantined as per our procedures.

The author has now updated the code and the mod has been restored. Case Closed.

Marco van Herwaarden 05-17-2010 08:19 AM
Our policy on vulnerabilites can be found at Mod Exploit Guidelines


All times are GMT. The time now is 03:10 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01006 seconds
  • Memory Usage 1,731KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (4)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete