The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#11
|
|||
|
|||
Sorry but that is information that i can not disclose at this point.
If it would have sent the author an email where it was installed, we would have considered this as a serious breach of personal confidentiality, and would have taken immediate stronger measurements. |
#12
|
|||
|
|||
I know you've replied about not being decided about whether to release the details of hacks with known "back-doors" etc.
However I would like to ask in the strongest possible terms that you do release the information. As you say this is about trust as much as anything else and whilst I can understand it may cause some upset among the coders that coded these hacks however (in this instance) they should not be the primary concern. Especially since it is, to be blunt, their actions that have led to the trust that was built up here being damaged, albeit that I'm sure none of them did it with the intention of causing any such problems. I strongly believe your primary concern should be in regaining the trust of the vast majority of people such as myself. Many people will lose trust in both vBulletin.org and vBulletin itself (because of the link between the two) if everything isn't not only done to rectify this situation, but also is seen to be done. Transparency, when possible, is always the best way to build trust. Please give this some consideration. (Edited to add: I said "back-doors" in the above, I wasn't meaning to imply backdoors into the forums that used the hacks.) Edit MarcoH64: To make it very clear to others reading this: The current issue does not involve a back-door into your forum! If such a thing would have been the case, we would have reacted stronger. |
#13
|
||||
|
||||
there shoudl be a hall of shame...
|
#14
|
|||
|
|||
I don't think it should be about taking any terrible punitive actions against anyone - according to MarcoH64 these are not hidden features that could cause problems to the majority of us.
However there is the matter of trust - a hack installed from here has the potential to be of concern for quite literally hundreds of thousands of people (considering how many people are members of vBulletin powered forums worldwide that might be an understatement). Jelsoft have (in my opinion) a great reputation for dealing with security issues in their core product in a timely and professional manner - it would be unfortunate for that to be tarnished via this forum, even unintentionally. |
#15
|
|||
|
|||
hmmmmmz,
i have a few here.It wouldn't even cross my mind to do a thing like that.Marco are you serious do people really create a hack that does things like you mentioned above ? then they can't be punisched hard enough.A lifetime ban from vbulletin.com and vbulletin.org and immediate licence deactiviation would be a good idea argh that people even think about that maybe they are ipb spys |
#16
|
|||
|
|||
The fact that you install any software, could always possibly open you to unknown harmfull actions by the coder of that software. This is not really something new.
We have (until now) never found any hacks released here that had harmfull hidden features. My list is what could possibly happen if someone means harm. PS Even if it is said as a joke, it doesn't look good on us if we would abuse this issue to spread negative feelings about a competitor in the forum business, and i would like to ask all not to make such comments anymore. Let's stick to comments about our own community. |
#17
|
||||
|
||||
you know, any of you who know how to read php could always go read the code in the product installs and such and know immediately who is calling external functions from the code. You don't need staff to tell you who the bad guys are.
|
#18
|
|||
|
|||
Thanks for letting us know, and thanks for taking action going forward!
|
#19
|
||||
|
||||
I'm just a little curious about this.
Most of my products now have a couple of lines that try to click install (or uninstall) automatically when you first install them (or remove them). This is completely harmless (and unreliable) but it's certainly not secret - it has been discussed a number of times without any staff mentioning it broke any rules, and is used by a number of people. I can't believe that this would be what you are referring to as it would be massively OTT with talk of security and backdoors, but perhaps you could clarify if this is covered by this policy or not, since if it is, I will have to remove it. |
#20
|
|||
|
|||
Unless you specifically warn the users of such a hack, in the hack thread or the install text before installation, that this will happen, then yes it would fall under the category addressed in this thread. Regardless if you consider this harmless or not.
|
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|