  #1  
05-16-2010, 12:50 PM
GrossKopf
Join Date: Jan 2007
Posts: 108
Why did YAAS get quarantined?

I just got an email that Yet Another Awards System mod (https://vborg.vbsupport.ru/showthread.php?t=232684) was "quarantined". Why is that? I checked and didn't see anything in the thread about it.
  #2  
05-16-2010, 12:58 PM
vijayninel
Join Date: Mar 2009
Posts: 537

CypherSTL would be the best person to answer that. Perhaps it's due to a security flaw found in the mod.
  #3  
05-16-2010, 01:29 PM
we_are_borg
Join Date: Jul 2004
Posts: 108

Well, it would be lovely when a website does something like this that they give a reason why. Now we know shit and don't know what's wrong. It can be a couple of problems and we don't know the severity of it.

Next time, if vb.org does this, say in the email at least what for.
  #4  
05-16-2010, 01:33 PM
GrossKopf
Join Date: Jan 2007
Posts: 108

Quote:
Originally Posted by we_are_borg
Well, it would be lovely when a website does something like this that they give a reason why. Now we know shit and don't know what's wrong. It can be a couple of problems and we don't know the severity of it.

Next time, if vb.org does this, say in the email at least what for.
...or post the reason in the thread... I thought maybe the author disappeared, or there was a major problem with it, but I browsed the last couple pages and didn't see anything.
  #5  
05-16-2010, 02:18 PM
trackpads
Join Date: Aug 2003
Location: Armyville
Posts: 1,074

They are probably not telling because it would give a hacker a heads up on how to exploit the security issue with the hack. I am sure it will be fixed, it is a fantastic mod and the author is good.

I would like to know if it was with the recent update, I didn't apply it so I am assuming the previous version is safe.

-Jason
  #6  
05-16-2010, 02:28 PM
GrossKopf
Join Date: Jan 2007
Posts: 108

Quote:
Originally Posted by trackpads
They are probably not telling because it would give a hacker a heads up on how to exploit the security issue with the hack. I am sure it will be fixed, it is a fantastic mod and the author is good.

I would like to know if it was with the recent update, I didn't apply it so I am assuming the previous version is safe.

-Jason
Even if they just said THAT, it would be fine.. I believe I'm also using an older version. I haven't been updating anything on my forums lately.
  #7  
05-16-2010, 07:33 PM
we_are_borg
Join Date: Jul 2004
Posts: 108

Quote:
Originally Posted by GrossKopf
...or post the reason in the thread... I thought maybe the author disappeared, or there was a major problem with it, but I browsed the last couple pages and didn't see anything.
Security by obscurity is not security; if there is something wrong, most probably the hackers will know this long before us.
  #8  
05-16-2010, 07:46 PM
trackpads
Join Date: Aug 2003
Location: Armyville
Posts: 1,074

Quote:
Security by obscurity is not security
It's nice that the phrase rhymes but it is not even a majority of cases. Obscurity is a basic security principle. Everything from NAT to direct obfuscation of internal networks and more. Even basic encryption and obfuscation on your home network is recommended; while it wouldn't survive true attacks, it does in fact keep most folks legal.

In this case it was probably noticed by the coder himself or another. If a hacker had done anything to get noticed over this I am sure we would have heard about it on the site or from the affected site owner.

-Jason
  #9  
05-16-2010, 10:16 PM
Paul M
Join Date: Sep 2004
Location: Nottingham, UK
Posts: 23,748

A security flaw was reported, and the mod quarantined as per our procedures.

The author has now updated the code and the mod has been restored. Case Closed.
  #10  
05-17-2010, 08:19 AM
Marco van Herwaarden
Join Date: Jul 2004
Posts: 25,415

Our policy on vulnerabilities can be found at Mod Exploit Guidelines