  #1  
08-30-2011, 09:45 AM
vijayninel
Join Date: Mar 2009
Posts: 537
Nokia Developer Forum (vBulletin) Hacked



An image put up by the hacker on the forum homepage, mocking Nokia's forum security.

Nokia's developer forum was hacked and defaced yesterday and the forum has been put offline now.

A static HTML page now appears on the forum URL and says that:
Quote:
Originally Posted by Nokia
During our ongoing investigation of the incident we have discovered that a database table containing developer forum members' email addresses has been accessed, by exploiting a vulnerability in the bulletin board software that allowed an SQL Injection attack. Initially we believed that only a small number of these forum member records had been accessed, but further investigation has identified that the number is significantly larger.

The database table records include members’ email addresses and, for fewer than 7% who chose to include them in their public profile, either birth dates, homepage URL or usernames for AIM, ICQ, MSN, Skype or Yahoo. However, they do not contain sensitive information such as passwords or credit card details and so we do not believe the security of forum members’ accounts is at risk. Other Nokia accounts are not affected.

We are not aware of any misuse of the accessed data, but we are communicating with affected forum members, though we believe the only potential impact to them may be unsolicited email. Nokia apologizes for this incident.

Though the initial vulnerability was addressed immediately, we have now taken the developer community website offline as a precautionary measure, while we conduct further investigations and security assessments. We hope to get the site back online as soon as possible and will post developments here in the meantime.

This event has made international headlines. I believe Nokia's forum used vBulletin as its forum software (please correct me if I'm wrong) although I am not sure of the version number and modifications to the forum. I wonder if any of you know more about this and how they got compromised.
  #2  
08-30-2011, 12:40 PM
BirdOPrey5
Senior Member
Join Date: Jun 2008
Location: New York
Posts: 10,610

A search of the Google Cache does show they were using some flavor of vBulletin 4.x suite but not their exact version. Could very well be an old version never upgraded since it looks like they did a pretty custom theme - it would have been a pain to upgrade all the time. I'm just speculating from what I can see in the Google cache.
  #3  
08-30-2011, 12:53 PM
vijayninel
Join Date: Mar 2009
Posts: 537

Quote:
Originally Posted by BirdOPrey5
A search of the Google Cache does show they were using some flavor of vBulletin 4.x suite but not their exact version. Could very well be an old version never upgraded since it looks like they did a pretty custom theme - it would have been a pain to upgrade all the time. I'm just speculating from what I can see in the Google cache.

That was exactly my thought. Although this is speculation, I think it was significantly customised and not updated with the latest vBulletin patches/versions due to administrative difficulties.

News is now coming that they have permanently lost some data due to improper backups. This fiasco is a huge loss of face for Nokia and this issue will probably figure at their board meeting.
  #4  
08-30-2011, 03:05 PM
Badshah93
Join Date: Jun 2010
Location: India
Posts: 505

When did they get hacked officially?
According to me, they are hacked from 18 - 19 August (which my source tells).

And according to the hacker they had the latest patch vBulletin (which has the redirect fix), but I don't think so because hackers generally lie to show off.

Nokia is such a big company, and not using any professional to manage their system is surprising. Even if there was a vulnerability, it could be solved within a few minutes when the forum was hacked.

An admin (whenever he/she is logged in) should always check the plugin manager to see if there is any extra plugin which has been added.
  #5  
08-30-2011, 04:53 PM
vijayninel
Join Date: Mar 2009
Posts: 537

Quote:
Originally Posted by Sherif
When did they get hacked officially?
According to me, they are hacked from 18 - 19 August (which my source tells).

I am not aware of the 18th. Press reports are that they were hacked the day before (28th August).

Edit: One report suggests that the forum was first hacked on the 22nd. http://www.theinquirer.net/inquirer/...eb-site-attack
  #6  
08-30-2011, 05:16 PM
TheLastSuperman
Senior Member
Join Date: Sep 2008
Location: North Carolina
Posts: 5,844

4.1.3 from the cached source code... hate to see this posted.
  #7  
08-30-2011, 05:18 PM
BirdOPrey5
Senior Member
Join Date: Jun 2008
Location: New York
Posts: 10,610

Although Nokia claims it was the fault of the forum, we don't know that for sure. We also don't know if they could be calling it the fault of the forum when it could be the fault of a 3rd party add-on.

I don't see any reason to panic.
  #8  
08-30-2011, 05:41 PM
vijayninel
Join Date: Mar 2009
Posts: 537

Two weeks back the same hacker (pr0tect0r) hacked http://www.defence.pk/forums/ which is currently on vBulletin 4.1.5
  #9  
08-30-2011, 05:46 PM
TheLastSuperman
Senior Member
Join Date: Sep 2008
Location: North Carolina
Posts: 5,844

I'm assuming it was lack of proper maintenance (which covers third-party add-ons imo) unless they present a new vulnerability or exploit to vBulletin that is. Of course we all know from the recent PSN network hacking and common sense tells us that the company does not want to own up to such as it would be detrimental, Sony did own up however recently I've read they knew about it to a certain extent and decided to protect one server over another but not trying to derail the thread simply related imo but more here if you're interested.
All times are GMT.