The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
Comments |
#32
|
||||
|
||||
Again, the best thing people can do is to follow all precautions mentioned in the email:
1) Disable the mod (via vBulletin Product Manager) 2) Rename or remove all uploaded files (mod files, not games, but the files that originally came with the mod to upload) This is all the information you need at this time. What I will confirm is the author has made contact and I believe this will get resolved. I will give no time estimate- maybe today, maybe tomorrow, maybe next week/month I don't know. We all hope sooner than later of course. |
#33
|
||||
|
||||
Quote:
IDK - I just think there has to be a better way to handle quarantined/graveyarded mods.... </drama-queen-ism> |
#34
|
||||
|
||||
Quote:
As my earlier message demonstrated, they used to tell us when a product was pulled because it was vulnerable to exploit. Why can't they continue to do this? All we're asking for is the information they went ahead and confirmed in this thread anyway. I'm also aware it's a thankless task volunteering to staff a forum. I'm sure there's a good chance those we've been venting at had nothing to do with whatever policies were implemented to change the way these quarantine notifications are sent out. |
#35
|
||||
|
||||
MrZeropage came through with a fix and a new version..
once again thanks MrZeropage |
3 благодарности(ей) от: | ||
BirdOPrey5, garyb12001, JacquiiDesigns |
#36
|
|||
|
|||
Agreed. Thanks for the quick resolution!
|
#37
|
|||
|
|||
Quote:
What we're saying is the email was totally worthless from an Administrative standpoint. It told me nothing other than the modification was quarantined. I could care less about the details of an exploit, but that email should have stated there was a security issue to lend credence to the notification. We're not complaining about the lack of information about the exploit itself. We're complaining about the lack of information period. We should have been told WHY the modification was quarantined. This doesn't mean you have to go into the details of the exploit, but as an administrator, I can't make informed decisions on how my site is run when I get a half baked email like I received. |
#38
|
||||
|
||||
Quote:
If I confirm it is a security exploit then you will have nefarious people scan the code line by line looking for the exploit to take advantage of it. If they miss it the first time, they will keep looking because they *know* for sure it is there. But if I don't confirm it's a security exploit they may look through the code and not see it the first time, or the second time, and give up and assume it wasn't a security issue at all- which is possible. That is why I will never confirm it was or was not a security issue/exploit- but if I was a user of the mod I would ALWAYS assume it's an exploit and follow the recommended procedure. |
#39
|
||||
|
||||
I agree with the staff that the exploits should not be posted in the public. Otherwise every script kiddie/wanna be hacker will try out those exploits in every forum that they can running the arcade. We have seen this thing happen all the time in cases like this.
We all should be grateful to the vb staff here who look out for us by letting us know anytime a security issue has been discovered with any of the mods here and takes precautions immediately that no other users will put their forums at risk by installing and using something not secure. At least that is how I see it. |
Благодарность от: | ||
BirdOPrey5 |
#40
|
||||
|
||||
Yes, security-problems should not be made public, just to the developer himself to make sure he can provide a quick fix.
That's how it works well here on vb.org - I can a message telling the details, checked it and could fix it in time, and that's what the community needs. Otherwise there would fly around some usermade hotfixes, some ideas ect which do not help having a stable product with support and development, as modified trees could get out of this ect. Everything is fine now, everybody just upgrade to v2.7.1+ |
Благодарность от: | ||
AuroraStorm |
#41
|
||||
|
||||
Um, the last time I tried to update this on my sister board, I couldn't get it to work, which is why I didn't update it on my board...
I'll try it and see...thanks for coming through, Zeropage. This is one of the best, if not THE best mods around... |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|