Go Back   vb.org Archive > News and Announcements > News and Announcements
  #21  
Old 05-15-2006, 12:53 PM
The Geek's Avatar
The Geek The Geek is offline
 
Join Date: Sep 2003
Location: Behind you
Posts: 2,779
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

A redirect to the install button isnt really a back-door, nor a security breach especially considering that no coder can tell who the install was or where it came from. No personal or server info could have been passed.
Therefore Im with Paul on that one.
If it was submitting info to another site where the author could access the info - then Im with Marco there.

Just my thoughts
  #22  
Old 05-15-2006, 01:00 PM
Paul M's Avatar
Paul M Paul M is offline
 
Join Date: Sep 2004
Location: Nottingham, UK
Posts: 23,748
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I see, so this is okay as long as a note is included in the hack ? In reality, it has not been very useful, it doesn't actually seem to work a lot of the time - so given that it now seems to fall foul of this new policy I think I might just remove it.
  #23  
Old 05-15-2006, 01:00 PM
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Posts: 25,415
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by The Geek
A redirect to the install button isnt really a back-door, nor a security breach especially considering that no coder can tell who the install was or where it came from. No personal or server info could have been passed.
Therefore Im with Paul on that one.
My official response to this:

Read the thread title. It is not about if it is harmfull or not. It is not about if the coder could use an auto-install to get privacy sensitive information. It is about breaking the trust of our members by adding hidden functionality to a modification. Period.


Now back to your example on a personal level, i think i could give you some reasons in a pm that would also show that even this is disclosing things.
  #24  
Old 05-15-2006, 01:12 PM
The Geek's Avatar
The Geek The Geek is offline
 
Join Date: Sep 2003
Location: Behind you
Posts: 2,779
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

You calling me Livewire now?!? I'm flattered

I assumed that the thread was about users potentially gathering personal data. The threat (as you mentioned) is always there policy or not and yes, I agree that users should be aware. I was only stating that if the catalyst was Paul's hack that redirect to an install link - then I just didn't agree that it would fall under a 'security', 'phishing', 'backdoor' type of policy.
Regardless, I guess it is kind of sneaky and it does explain why so many people clicked install on Paul's hacks
Now I just need to solve the whole 'last supper/floating hand' mystery and Ill die content.

If you have the time and inclination, go for the PM. I'm interested, but I wont be refreshing my inbox every 5 seconds for it as I know you have far more pressing things to get on with
  #25  
Old 05-15-2006, 01:21 PM
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Posts: 25,415
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by The gReek
You calling me Limewire now?!? I'm flattered
Oops my mistake, corrected.

The policy is about hidden functionality and trust, not about if it damage anything.

PS Don't expect that PM very soon, but will work on it when i have time.
  #26  
Old 05-15-2006, 01:27 PM
Paul M's Avatar
Paul M Paul M is offline
 
Join Date: Sep 2004
Location: Nottingham, UK
Posts: 23,748
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by The Geek
Regardless, I guess it is kind of sneaky and it does explain why so many people clicked install on Paul's hacks
Actually, it was only added about 4 weeks ago after a discussion about it on the site - someone suggested it, so I gave it a try - in reality it doesn't work very well - people who have clearly installed a hack, still don't show up when they post. Many of the others still post to say "installed" anyway, they click install manually. I couldn't even get it to work properly myself in tests and it wasn't really important enough to investigate why. Now it comes under this change I will almost certainly give up on it.
  #27  
Old 05-15-2006, 01:28 PM
The Geek's Avatar
The Geek The Geek is offline
 
Join Date: Sep 2003
Location: Behind you
Posts: 2,779
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

sas efharisto

(thats gReek for thank you - Your quoting system is squiffy )
  #28  
Old 05-15-2006, 01:32 PM
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Posts: 25,415
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Dank je (dutch voor thank you)

That is what happens if you rely on manual quoting.
PS You only spotted 1 of the 2 quoting "errors" in my previous post.
  #29  
Old 05-15-2006, 01:35 PM
Paul M's Avatar
Paul M Paul M is offline
 
Join Date: Sep 2004
Location: Nottingham, UK
Posts: 23,748
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I spotted Limewire
  #30  
Old 05-15-2006, 01:44 PM
Floris Floris is offline
 
Join Date: Jan 2002
Posts: 1,898
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by MarcoH64
The fact that you install any software, could always possibly open you to unknown harmfull actions by the coder of that software. This is not really something new.

We have (until now) never found any hacks released here that had harmfull hidden features. My list is what could possibly happen if someone means harm.

PS Even if it is said as a joke, it doesn't look good on us if we would abuse this issue to spread negative feelings about a competitor in the forum business, and i would like to ask all not to make such comments anymore.

Let's stick to comments about our own community.
Nope, I can assure you that unless it slipped by me there are no 2.x or 3.0.x resources that did this. It's a trend that's started to develop ever since 3.5 went stable.

Again, the issue here is that it is about undocumented functionality and that unfortunatly it is to better the author; but no security breach was added to your forum upon installing, nor was any data shared or backdoor installed.

And finally, as mentioned in the announcement we will listen to their side of the story. Surely as Paul M suggests his motives were different from a few others. Nevertheless it is something that people have noticed and raised concern about. I think the vBorg staff is on top of things and updated their site policy in regards to these type of things and automatically included optional misuse of undocumented features; Saving them the future discussion of when people decide to do include backdoors or data-mining code, etc.
Closed Thread

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 05:02 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04606 seconds
  • Memory Usage 2,243KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (4)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (1)pagenav_pagelinkrel
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete