The Arcive of Official vBulletin Modifications Site.

Boofo · #**181** 05-22-2006, 11:35 AM

I already "came forward" as you say and told you things are being put into place to prevent things like this from happening in the future. It dsoesn't matter how that will happen, as long as it does, right? 'Nuff said.

FASherman · #**182** 05-22-2006, 11:42 AM

Quote:

Originally Posted by Boofo

I already "came forward" as you say and told you things are being put into place to prevent things like this from happening in the future. It dsoesn't matter how that will happen, as long as it does, right? 'Nuff said.

With all due respect, you haven't. Look at the very title of the thread, "Its all about trust". When you - and by you I mean VB.Org, not you in particular - allowed it to happen, you lost some of our trust. You lost the expectation that you could tell us something nonspecific is going to be done and leave it at that. You don't have that level of trust anymore. If you want to gain it back, you owe it to us, the people that now realize you place out sites at risk every time we install a download from here, to be more specific and tell us how you will catch the next hacker who does have malicious intent.

You own us that much, but if you don't see it that we, its indicative of a far greater problem.

Boofo · #**183** 05-22-2006, 11:58 AM

Read post 167 in this thread and it will explain it all to you better than I ever could.

Clayton · #**184** 05-22-2006, 12:23 PM

Quote:

Originally Posted by FASherman

What the bloody hell is going on around here? etc

Wow ... may I call you John Wayne

some pretty hard straight talking

Xenon · #**185** 05-22-2006, 12:35 PM

Quote:

Originally Posted by FASherman

When you - and by you I mean VB.Org, not you in particular - allowed it to happen, you lost some of our trust.

Sorry, but that is incorrect. Every code downloaded from vb.org and installed on your own board is your own responsibility. vb.org cannot go through every single line of code released here, and checks out for security holes. We can just react if we find something, and that has happened now. It's still and was every up to you, to make sure, the code you upload to your forum, will do what it says. If it doesn't the next contact you have is the author, to find out if it's maybe a bug. If you think it has been happening for purpose, then it's time to contact the moderators to take the appropriate actions.

We will do whatever we can to prevent such problems in the future, yes, hence a reason for the increas of staff members, but in the last run, you are the only one responsible for any code you apply to YOUR board.

amykhar · #**186** 05-22-2006, 12:44 PM

FASherman, there IS a procedure in place for security risks. Code that is found to have them (through our discovery or user reports) goes through a process by which users are warned and the mod is removed if necessary.

But, this is a peer coding community. Ideally, anybody who installs the mods here has reviewed the code before installing it on their forum. It is not a commercial download site where the code is vetted by the company. Huge difference in concepts.

If any CYA stuff needs to be done on the part of Jelsoft, I suppose a huge click through disclaimer when you register here would work.

Clayton · #**187** 05-22-2006, 12:49 PM

Before everything becomes a total fight over nothing it would be great if we were able to try bridge that gap, where an even greater level of trust can be established in the service that vB.org provides.

Most persons know that it is the users' responsibility for what is put on their forums, however would it not be possible in the future for vB.org to attach a stamp of approval to the code that has been checked, so that the level of trust can be increased.

This is not about blame but simply more an effort to feel safe within vB.org

So, if you download a hack and it doesn't 'yet' have the 'stamp of approval' then the user knows it is at their own peril

Something like this would be appreciated

Thanks

C

Xenon · #**188** 05-22-2006, 12:52 PM

At clayton: yeah, a good system, which we already working on

just give use a bit time, not everything can be made over one night ^^

Paul M · #**189** 05-22-2006, 01:22 PM

Just to clarify a couple of other points - someone mentioned it being around for months - the auto install code referred to only existed for 4 weeks - also, it never actually touched peoples forums, it made a simple GET request from your browser to the install link at vb.org.

DementedMindz · #**190** 05-22-2006, 01:26 PM

Quote:

Originally Posted by Paul M

Just to clarify a couple of other points - someone mentioned it being around for months - the auto install code referred to only existed for 4 weeks - also, it never actually touched peoples forums, it made a simple GET request from your browser to the install link at vb.org.

well since you let the cat out of the bag :surprised: yeah i did see it in your Display who has read a thread - Version 3 product... but then it was removed in the next update...

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.08220 seconds Memory Usage 2,256KB Queries Executed 11 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (1)ad_showthread_firstpost (1)ad_showthread_firstpost_sig (1)ad_showthread_firstpost_start (4)bbcode_quote (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)navbar (3)navbar_link (120)option (1)pagenav (1)pagenav_curpage (4)pagenav_pagelink (1)pagenav_pagelinkrel (10)post_thanks_box (10)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (10)post_thanks_postbit_info (10)postbit (10)postbit_onlinestatus (10)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start pagenav_page pagenav_complete tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!