  #11  
Old 05-15-2006, 10:47 AM
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Posts: 25,415

Sorry but that is information that I cannot disclose at this point.

If it would have sent the author an email where it was installed, we would have considered this as a serious breach of personal confidentiality, and would have taken immediate stronger measures.
  #12  
Old 05-15-2006, 11:02 AM
Darat Darat is offline
 
Join Date: Aug 2004
Posts: 329

I know you've replied about not being decided about whether to release the details of hacks with known "back-doors" etc.

However I would like to ask in the strongest possible terms that you do release the information. As you say this is about trust as much as anything else and whilst I can understand it may cause some upset among the coders that coded these hacks however (in this instance) they should not be the primary concern. Especially since it is, to be blunt, their actions that have led to the trust that was built up here being damaged, albeit that I'm sure none of them did it with the intention of causing any such problems.

I strongly believe your primary concern should be in regaining the trust of the vast majority of people such as myself. Many people will lose trust in both vBulletin.org and vBulletin itself (because of the link between the two) if everything isn't not only done to rectify this situation, but also is seen to be done. Transparency, when possible, is always the best way to build trust.

Please give this some consideration.

(Edited to add: I said "back-doors" in the above, I wasn't meaning to imply backdoors into the forums that used the hacks.)

Edit MarcoH64: To make it very clear to others reading this: The current issue does not involve a back-door into your forum! If such a thing would have been the case, we would have reacted stronger.
  #13  
Old 05-15-2006, 11:13 AM
Bhuwan Bhuwan is offline
 
Join Date: Jul 2004
Location: USA
Posts: 425

There should be a hall of shame...
  #14  
Old 05-15-2006, 11:27 AM
Darat Darat is offline
 
Join Date: Aug 2004
Posts: 329

I don't think it should be about taking any terrible punitive actions against anyone - according to MarcoH64 these are not hidden features that could cause problems to the majority of us.

However there is the matter of trust - a hack installed from here has the potential to be of concern for quite literally hundreds of thousands of people (considering how many people are members of vBulletin powered forums worldwide that might be an understatement).

Jelsoft have (in my opinion) a great reputation for dealing with security issues in their core product in a timely and professional manner - it would be unfortunate for that to be tarnished via this forum, even unintentionally.
  #15  
Old 05-15-2006, 11:37 AM
Delphiprogrammi Delphiprogrammi is offline
 
Join Date: Feb 2004
Location: Landen(Belgium)
Posts: 1,335

hmmmmmz,

I have a few here. It wouldn't even cross my mind to do a thing like that. Marco, are you serious, do people really create a hack that does things like you mentioned above? Then they can't be punished hard enough. A lifetime ban from vbulletin.com and vbulletin.org and immediate licence deactivation would be a good idea.

Argh, that people even think about that, maybe they are IPB spies.
  #16  
Old 05-15-2006, 11:47 AM
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Posts: 25,415

The fact that you install any software could always possibly open you to unknown harmful actions by the coder of that software. This is not really something new.

We have (until now) never found any hacks released here that had harmful hidden features. My list is what could possibly happen if someone means harm.

PS Even if it is said as a joke, it doesn't look good on us if we would abuse this issue to spread negative feelings about a competitor in the forum business, and I would like to ask all not to make such comments anymore.

Let's stick to comments about our own community.
  #17  
Old 05-15-2006, 11:48 AM
amykhar amykhar is offline
 
Join Date: Oct 2001
Location: PA
Posts: 4,438

You know, any of you who know how to read PHP could always go read the code in the product installs and such and know immediately who is calling external functions from the code. You don't need staff to tell you who the bad guys are.
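
The kind of code review described in the post above can be partly automated. The following is an added example, not part of the original thread and not vBulletin's or any poster's code: it scans a product XML file for PHP calls that send mail or open network connections. The element names `installcode`, `uninstallcode` and `phpcode` are an assumed product file layout, and the sample product is constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# PHP calls that can reach outside the forum host (network or mail).
OUTBOUND = re.compile(
    r"\b(fsockopen|pfsockopen|curl_init|curl_exec|stream_socket_client|"
    r"file_get_contents|fopen|mail)\s*\(", re.I)
REMOTE_URL = re.compile(r"""["'](?:https?|ftp)://""", re.I)
# Functions that are outbound whatever their arguments are.
ALWAYS = {"fsockopen", "pfsockopen", "curl_init", "curl_exec",
          "stream_socket_client", "mail"}

# Constructed sample; element names follow the assumed product layout.
SAMPLE_PRODUCT = """<product productid="demo_hack">
  <codes><code version="1.0">
    <installcode><![CDATA[
$db->query_write("ALTER TABLE user ADD demo INT");
mail('author@example.invalid', 'installed', $vbulletin->options['bburl']);
    ]]></installcode>
    <uninstallcode><![CDATA[$db->query_write("ALTER TABLE user DROP demo");]]></uninstallcode>
  </code></codes>
  <plugins><plugin>
    <hookname>global_start</hookname>
    <phpcode><![CDATA[
$notes = file_get_contents(DIR . '/includes/demo.txt');
$v = file_get_contents('http://example.invalid/version.txt');
    ]]></phpcode>
  </plugin></plugins>
</product>"""

def audit_product(xml_text):
    """Return (element, line_no, function, source_line) per outbound call."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        if elem.tag not in ("installcode", "uninstallcode", "phpcode") or not elem.text:
            continue
        for no, line in enumerate(elem.text.strip().splitlines(), 1):
            for m in OUTBOUND.finditer(line):
                func = m.group(1).lower()
                # file_get_contents/fopen count only with a remote URL literal.
                if func in ALWAYS or REMOTE_URL.search(line):
                    findings.append((elem.tag, no, func, line.strip()))
    return findings

if __name__ == "__main__":
    for hit in audit_product(SAMPLE_PRODUCT):
        print("%s line %d: %s -> %s" % hit)
```

A clean result is not proof of a clean product: a URL assembled from variables or code hidden behind `eval` will not match these patterns, so treat the output as a list of places to read first rather than a verdict.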
  #18  
Old 05-15-2006, 12:03 PM
nytxn nytxn is offline
 
Join Date: Jul 2005
Location: Austin, TX
Posts: 23

Thanks for letting us know, and thanks for taking action going forward!
  #19  
Old 05-15-2006, 12:30 PM
Paul M Paul M is offline
 
Join Date: Sep 2004
Location: Nottingham, UK
Posts: 23,748

I'm just a little curious about this.

Most of my products now have a couple of lines that try to click install (or uninstall) automatically when you first install them (or remove them). This is completely harmless (and unreliable) but it's certainly not secret - it has been discussed a number of times without any staff mentioning it broke any rules, and is used by a number of people.

I can't believe that this would be what you are referring to as it would be massively OTT with talk of security and backdoors, but perhaps you could clarify if this is covered by this policy or not, since if it is, I will have to remove it.
  #20  
Old 05-15-2006, 12:40 PM
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Posts: 25,415

Unless you specifically warn the users of such a hack, in the hack thread or the install text before installation, that this will happen, then yes it would fall under the category addressed in this thread. Regardless if you consider this harmless or not.