We do not release additional details, no sense having the exploit in the wild without a fix.
Sorry to say - but I find this comment ridiculous....for this modification.
ibProArcade has it's own section here at vB.org - its' the most downloaded/installed modification here. This being the case - I'm sure the 8400 people who've at least clicked install would feel more secure about their vBulletin paid-product if given a reasoning behind why such modification is quarantined.
This policy about "we do not release additional details" truly could use a bit of transparency as concerns such popular modification(s) as ibProArcade! Even if said transparency takes shape in a little info-note attached to the automated(?) quarantine email.
Meanwhile -congrats vBulletin.org for continually keeping members in the dark!
I sincerely hope that MrZeroPage offers up a fix for this exploit, and QUICKLY!
Sorry to say - but I find this comment ridiculous....for this modification.
ibProArcade has it's own section here at vB.org - its' the most downloaded/installed modification here. This being the case - I'm sure the 8400 people who've at least clicked install would feel more secure about their vBulletin paid-product if given a reasoning behind why such modification is quarantined.
This policy about "we do not release additional details" truly could use a bit of transparency as concerns such popular modification(s) as ibProArcade! Even if said transparency takes shape in a little info-note attached to the automated(?) quarantine email.
Meanwhile -congrats vBulletin.org for continually keeping members in the dark!
I sincerely hope that MrZeroPage offers up a fix for this exploit, and QUICKLY!
J.
you have to realize that consequences far outweigh the right to know what the problem actually is/
Say he does mention what the exact exploit is.. This could leave possible thousands of boards out there that maybe haven't received the message about the quarantine, vulnerable to the exploit to many new people that now know what the exploit is. And by people, I mean guys that just want to cause truoble..
so is it better for them not to say and we just disable the mod.. wait for the fix, or let you know and possibly open a bunch of boards up to now a bunch of people that didn't know, but now do ???
The problem is, we were told there was an "issue". That's it. What kind of issue? Copyright? Security? What?
I get an email saying there's an issue with a modification and it's been quarantined. Yeah. That tells me a whole lot. In truth, it tells me absolutely nothing at all.
The problem is, we were told there was an "issue". That's it. What kind of issue? Copyright? Security? What?
I get an email saying there's an issue with a modification and it's been quarantined. Yeah. That tells me a whole lot. In truth, it tells me absolutely nothing at all.
Yes exactly. The email notice was useless.
I thought they may have been cryptic because the issue was something different to security this time. I'm pretty sure in the past these quarantine notices have always stated 'for security reasons' and that its advisable to disable the product until such a time that a fix is provided. I obviously don't expect them to publish details of the flaw(s). But just a couple of simple words would suffice in letting us know there are security risks in allowing the software to remain on our servers.
Quarantined? Details »»
About Developer
Visit Web Site
No support by the author.
08-29-2011, 04:26 PM
