The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#171
|
|||
|
|||
[high]* Logikos hands Boofo a tissue [/high]
|
#172
|
||||
|
||||
Quote:
That was a doozy of a backdoor, that was. |
#173
|
||||
|
||||
Quote:
|
#174
|
|||
|
|||
Quote:
|
#175
|
|||
|
|||
Quote:
|
#176
|
||||
|
||||
Oh man, when I read this in my email, I thought the post above mine was in response to post #172.
How I laughed. |
#177
|
|||
|
|||
Quote:
A small number of coders were doing this, so the majority of releases never have had any issues relating to this. Quote:
|
#178
|
||||
|
||||
Quote:
You can out rules in place and a reporting procedure to notify of violations, but steps like that are meant to protect your legal exposure, not our vulnerability to exploitation. What are you going to do? |
#179
|
||||
|
||||
Quote:
|
#180
|
||||
|
||||
Quote:
Some authors were inserting, albeit harmless, hidden function code in their programs. Those functions went unnoticed for months. The staff here didn't find the problematic code for some time, even though it affected their own site. The points out a glaring security hole in the methodology of this site. Anyone with malicious intent, having read this thread, now knows the best way to exploit VB websites: release code here with hidden functionality. Thats the issue that needs addressing. And you can't dismiss it with a promise that "something" that we don't get to hear about will be done. VB.Org opened this can of worms by making it public. You've raised a secuity and business data protection issue, the highest concern in all of IT. Many forums being run support real business, not hobbiests. Your answers are insufficient for that population. You must come forward, sooner rather than later, and explain how you will verify the integrity of the code available here. |
Thread Tools | |
Display Modes | |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|