Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 General Discussions
  #61  
Old 11-16-2013, 07:51 PM
vbresults vbresults is offline
 
Join Date: Apr 2009
Posts: 687
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Digital Jedi View Post
So wait, they went ahead and sent out emails to change your password just to sate hacking paranoia?
You and I both know what's happening here, and it's not that.
  #62  
Old 11-16-2013, 07:59 PM
TheLastSuperman's Avatar
TheLastSuperman TheLastSuperman is offline
Senior Member
 
Join Date: Sep 2008
Location: North Carolina
Posts: 5,844
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by motorhaven View Post
Put away your lame assumptions about someone's experience and your weak lessons before you embarrass yourself. I know what social engineering is - I was dealing with people doing that stuff back in the 1980s, when I wasn't busy coding in assembler. That was well before I started one of the first enthusiast groups on the Internet.



Macrumors has nothing to gain by saying they were hacked. They have credibility to lose, as a matter of fact.
Hey bud, welcome to 2013... this is not the 1980's so continuing to spread rumors when you're not up to par on the situation and apparently do not know the full details or extent of said situation is simply not the right thing to do in my opinion... why do I say that?

Quote:
Originally Posted by motorhaven View Post
There is a big difference between "making stuff up" and not having information which agrees with yours.
^ Case in point... I don't know the full extent of the situation and if I don't then neither do you so it does not matter if other information does not agree with "yours". Paul would know more then either of us - assumptions and justifications to what you see are fine but continuing to post them as rumors is not because at the time of your initial posts the most info we all had on this was that released by the so-called "hackers" and does everyone take what they say at face value? Pffffft I hope not so neither should you have see my point?

Quote:
Originally Posted by Digital Jedi View Post
So wait, they went ahead and sent out emails to change your password just to sate hacking paranoia?
Apparently because Paul already stated they hacked a QA server... so yes ladies and gents if it was an old copy of vb.com database on that QA server and your passwords had not changed then common sense tells us that you need to change your passwords, do that regardless of what you read.

DO NOT USE THE SAME PASSWORD FOR EVERY SITE! Buy a cheap black ledger book from an office supply store/wal-mart etc and write down the passwords for each site, keep in your desk drawer for easy reference. You can also have your broswer remember passwords, I do the ledger book because if the right virus hits your pc then all that info is known as well.
Благодарность от:
Max Taxable
  #63  
Old 11-16-2013, 08:00 PM
TheLastSuperman's Avatar
TheLastSuperman TheLastSuperman is offline
Senior Member
 
Join Date: Sep 2008
Location: North Carolina
Posts: 5,844
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by vbresults View Post
You and I both know what's happening here, and it's not that.
You don't know neither does DJ .
  #64  
Old 11-16-2013, 08:15 PM
Amaury Amaury is offline
 
Join Date: Nov 2011
Location: Ellensburg, WA
Posts: 1,075
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by TheLastSuperman View Post
DO NOT USE THE SAME PASSWORD FOR EVERY SITE!
I actually do this to an extent.

I use the same password for all sites I'm a member of (e.g., YouTube), However, on sites where I'm a staff member, such as KH-Flare, I use a different password, which is currently the only site I have a different password on. The other sites I'm staff on aren't big / don't have a lot on them at the moment, so I use the same password as places I'm of a member of, but it's a secure password. Then there are also sites that you're staff on, but you're only a sectional moderator that, of course, doesn't have access to the admin or moderator control, so it doesn't really matter.

I actually look at the security more than the uniqueness when it comes to passwords
  #65  
Old 11-16-2013, 09:21 PM
hugh_ hugh_ is offline
 
Join Date: Mar 2005
Location: Netherlands
Posts: 368
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

What hasn't been disclosed and concerns me is whether the hackers had access to customer records and financial information, and the support system which must contain a large amount of fairly sensitive customer information...
  #66  
Old 11-16-2013, 10:01 PM
Paul M's Avatar
Paul M Paul M is offline
 
Join Date: Sep 2004
Location: Nottingham, UK
Posts: 23,748
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Not really sure what financial information you mean.

All the log files that were examined do not show any attemped access of customer data in the support system, they basically targeted the vb user table.
  #67  
Old 11-16-2013, 10:44 PM
motorhaven motorhaven is offline
 
Join Date: Jul 2002
Posts: 56
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by TheLastSuperman View Post
Hey bud, welcome to 2013...
Welcome to I was right.

Quote:
this is not the 1980's so continuing to spread rumors when you're not up to par on the situation and apparently do not know the full details or extent of said situation is simply not the right thing to do in my opinion... why do I say that?
Had you followed all the resources out there about it you'd have seen there was than just screen shots. But you and others were too busy looking to defend VB rather than following and reading everything at the resources, such as the long thread over at Mac Rumors where there was plenty of info.

The right thing was not IB employees initially taking the Baghdad Bob role.
  #68  
Old 11-16-2013, 10:51 PM
Max Taxable's Avatar
Max Taxable Max Taxable is offline
 
Join Date: Feb 2011
Posts: 3,134
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Just to keep this clear...

No one has yet said vbulletin DOT COM wasn't possibly hacked. The meter was this site, vbulletin DOT ORG.

From the link in post #3, there is NO claim of vb dot org being part of this "hack." And many here have expressed their doubts a exploit for version 4 would also automatically mean this site which uses version 3 was also "hacked."

As far as I can tell, only the author of the first post is claiming it's also vB dot org which was "hacked."

There isn't one shred of proof of that and it's not even a claim the illiterate script kiddies with their dummied up screenshot and their "patch for sale" are even making.
  #69  
Old 11-16-2013, 11:17 PM
New Joe's Avatar
New Joe New Joe is offline
 
Join Date: May 2009
Posts: 1,128
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Just got this e mail:
Quote:
This is an important message about your account.

We take your security and privacy very seriously. Very recently, our security team discovered sophisticated attacks on our network, involving the illegal access of forum user information, possibly including your password. Our investigation currently indicates that the attackers accessed customer IDs and encrypted passwords on our systems. We have taken the precaution of resetting your account password. We apologize for any inconvenience this has caused but felt that it was necessary to help protect you and your account.
To regain access to your account:

Visit the vBulletin forums at http://www.vbulletin.com/settings/account
Enter in your existing password followed by your new password, twice for confirmation.
Save this page at the bottom.
Please choose a new password and do not use the same password you used with us previously. We also highly recommend that you chose a password that you are not using on any other sites.
If you have any additional questions or concerns, please feel free to contact our support team at http://www.vbulletin.com/go/techsupport or support@vbulletin.com.

Sincerely,

Wayne Luke,
vBulletin Lead Technical Support.

Helping You Build Better Communities,
Благодарность от:
taz112768
  #70  
Old 11-16-2013, 11:29 PM
Chris8's Avatar
Chris8 Chris8 is offline
 
Join Date: Nov 2009
Posts: 188
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

So... can someone explain how exactly they hacked vb.com. Can we have some more detailed answers?
Closed Thread

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 01:42 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04953 seconds
  • Memory Usage 2,289KB
  • Queries Executed 14 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (9)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (10)post_thanks_box
  • (2)post_thanks_box_bit
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (2)post_thanks_postbit
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete