Quarantined?

Are there any more details on this and why it was quarantined?

thanks.

[BirdOPrey5]

Again, the best thing people can do is to follow all precautions mentioned in the email:

1) Disable the mod (via vBulletin Product Manager)
2) Rename or remove all uploaded files (mod files, not games, but the files that originally came with the mod to upload)

This is all the information you need at this time.

What I will confirm is the author has made contact and I believe this will get resolved. I will give no time estimate- maybe today, maybe tomorrow, maybe next week/month I don't know. We all hope sooner than later of course.

[JacquiiDesigns]

Quote:

Originally Posted by BirdOPrey5

Again, the best thing people can do is to follow all precautions mentioned in the email:

1) Disable the mod (via vBulletin Product Manager)
2) Rename or remove all uploaded files (mod files, not games, but the files that originally came with the mod to upload)

This is all the information you need at this time.

What I will confirm is the author has made contact and I believe this will get resolved. I will give no time estimate- maybe today, maybe tomorrow, maybe next week/month I don't know. We all hope sooner than later of course.

Thanks for the update, though I'm sure we could debate rather robustly on the concept of need :P -- and yet another point of contention: some may not even know what files to even rename/remove because the archive is no longer downloadable here at the .org

IDK - I just think there has to be a better way to handle quarantined/graveyarded mods....

</drama-queen-ism>

[nighteyes]

Quote:

Originally Posted by Adrian Schneider

Wow guys. Any administration, developer, etc. worth a grain of salt will not give out (even potential) security vulnerabilities to harm their members. For those who are curious, you can find out by looking at the patch once it comes out or try finding it yourself prior.

Most of the users saying we are drama queens with our suggestions haven't even comprehended the point we are making. Nobody is asking them to disclose the precise security vulnerabilities. We only wanted to know the mod was pulled for security reasons. EXACTLY the information they did finally disclose in this thread. In the past, modifications have been quarantined for a variety of reasons including copyright infringement and violating Jelsoft's terms. Is it reasonable for us to have to guess why they have pulled a modification from the site?

As my earlier message demonstrated, they used to tell us when a product was pulled because it was vulnerable to exploit. Why can't they continue to do this? All we're asking for is the information they went ahead and confirmed in this thread anyway.

I'm also aware it's a thankless task volunteering to staff a forum. I'm sure there's a good chance those we've been venting at had nothing to do with whatever policies were implemented to change the way these quarantine notifications are sent out.

[Hippy]

MrZeropage came through with a fix and a new version..
once again thanks MrZeropage

[garyb12001]

Quote:

Originally Posted by Hippy

MrZeropage came through with a fix and a new version..
once again thanks MrZeropage

Agreed. Thanks for the quick resolution!

[Biker_GA]

Quote:

Originally Posted by BirdOPrey5

Again, the best thing people can do is to follow all precautions mentioned in the email:

1) Disable the mod (via vBulletin Product Manager)
2) Rename or remove all uploaded files (mod files, not games, but the files that originally came with the mod to upload)

This is all the information you need at this time.

What I will confirm is the author has made contact and I believe this will get resolved. I will give no time estimate- maybe today, maybe tomorrow, maybe next week/month I don't know. We all hope sooner than later of course.

No. You completely missed the point.

What we're saying is the email was totally worthless from an Administrative standpoint. It told me nothing other than the modification was quarantined. I could care less about the details of an exploit, but that email should have stated there was a security issue to lend credence to the notification.

We're not complaining about the lack of information about the exploit itself. We're complaining about the lack of information period. We should have been told WHY the modification was quarantined. This doesn't mean you have to go into the details of the exploit, but as an administrator, I can't make informed decisions on how my site is run when I get a half baked email like I received.

[BirdOPrey5]

Quote:

Originally Posted by Biker_GA

No. You completely missed the point.

What we're saying is the email was totally worthless from an Administrative standpoint. It told me nothing other than the modification was quarantined. I could care less about the details of an exploit, but that email should have stated there was a security issue to lend credence to the notification.

We're not complaining about the lack of information about the exploit itself. We're complaining about the lack of information period. We should have been told WHY the modification was quarantined. This doesn't mean you have to go into the details of the exploit, but as an administrator, I can't make informed decisions on how my site is run when I get a half baked email like I received.

Quite frankly you don't need to know why you just need to know it has been.

If I confirm it is a security exploit then you will have nefarious people scan the code line by line looking for the exploit to take advantage of it. If they miss it the first time, they will keep looking because they *know* for sure it is there.

But if I don't confirm it's a security exploit they may look through the code and not see it the first time, or the second time, and give up and assume it wasn't a security issue at all- which is possible.

That is why I will never confirm it was or was not a security issue/exploit- but if I was a user of the mod I would ALWAYS assume it's an exploit and follow the recommended procedure.

[borbole]

I agree with the staff that the exploits should not be posted in the public. Otherwise every script kiddie/wanna be hacker will try out those exploits in every forum that they can running the arcade. We have seen this thing happen all the time in cases like this.

We all should be grateful to the vb staff here who look out for us by letting us know anytime a security issue has been discovered with any of the mods here and takes precautions immediately that no other users will put their forums at risk by installing and using something not secure. At least that is how I see it.

[MrZeropage]

Yes, security-problems should not be made public, just to the developer himself to make sure he can provide a quick fix.

That's how it works well here on vb.org - I can a message telling the details, checked it and could fix it in time, and that's what the community needs. Otherwise there would fly around some usermade hotfixes, some ideas ect which do not help having a stable product with support and development, as modified trees could get out of this ect.


Everything is fine now, everybody just upgrade to v2.7.1+

[AuroraStorm]

Um, the last time I tried to update this on my sister board, I couldn't get it to work, which is why I didn't update it on my board...

I'll try it and see...thanks for coming through, Zeropage. This is one of the best, if not THE best mods around...