homepage Welcome to WebmasterWorld Guest from 54.167.144.4
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / WebmasterWorld / Community Building and User Generated Content
Forum Library, Charter, Moderators: rogerd

Community Building and User Generated Content Forum

    
Security Holes in Common Forum Software Packages Exploited
Brett_Tabke




msg:1556573
 11:56 pm on Feb 2, 2006 (gmt 0)

[eweek.com...]

Poor deployment of security patches by administrators and the growing popularity of programs like phpBB are to blame, Netcraft said.

On Jan. 30, a bulletin board run by chip maker AMD was compromised by hackers and was used to distribute malicious code.

Those who visited the site, forums.amd.com, were prompted to download a file that exploited a recently patched vulnerability in Windows code used to process WMF (Windows Meta File) format image files, according to anti-virus firm F-Secure Inc. in Helsinki.


 

treeline




msg:1556574
 1:06 am on Feb 3, 2006 (gmt 0)

So can we buy BestBBS v3.39 to avoid these issues?

rogerd




msg:1556575
 3:45 am on Feb 3, 2006 (gmt 0)

The article seems to imply that it was a phpBB vulnerability, but the code on the AMD forum looks like Invision?

viggen




msg:1556576
 5:40 am on Feb 3, 2006 (gmt 0)

yup, AMD is defenitely using invision board...

I wonder if they (AMD) upgraded beginning of Jan the critical update IPS put online?

cheers
viggen

trillianjedi




msg:1556577
 1:52 pm on Feb 3, 2006 (gmt 0)

So can we buy BestBBS v3.39

I'm sure this is one of the reasons you can't buy it.

In fact, if it were my software, I wouldn't sell it for this very reason.

Part of the problem with security is having your software on someone elses PC, where, in a local setting, exploits can be more easily uncovered.

TJ

AlexK




msg:1556578
 4:13 pm on Feb 3, 2006 (gmt 0)

trillianjedi:
I'm sure this is one of the reasons you can't buy it ... Part of the problem with security is having your software on someone elses PC

Hmm, the Microsoft defence (security by obscurity).

If the issue is purely security, then I choose phpBB2. It has been hacked that often that it is the most tested, the most secure.

physics




msg:1556579
 4:57 pm on Feb 3, 2006 (gmt 0)


It has been hacked that often that it is the most tested, the most secure.

Because it has a history of gettting hacked it's more secure?!

AlexK




msg:1556580
 7:39 pm on Feb 3, 2006 (gmt 0)

physics:
Because it has a history of gettting hacked it's more secure?!

As long as those hacks are followed by fixes, then - yes!

treeline




msg:1556581
 11:32 pm on Feb 3, 2006 (gmt 0)

I think the history of repairing Internet Explorer issues shows the folly of this theory. Just because they've successfully fixed a large number of holes doesn't mean there aren't lots more to discover.

AlexK




msg:1556582
 5:43 am on Feb 4, 2006 (gmt 0)

Yikes, strong argument on MSIE, except for just one thing: M$ code is closed and thus--unless you are the Chinese Government--you cannot read it. phpBB2 code is open and freely published.

Thus, it gets fixed, as long as attention is paid to it.

physics




msg:1556583
 5:55 pm on Feb 4, 2006 (gmt 0)

I'd prefer an open source solution with less history of getting hacked (or hack density, i.e. hacks/number of users of the software out there), rather than more. Because somethings hacked a lot doesn't mean all of the holes are closed. It might mean that the code wasn't written with security in mind in the first place.

AlexK




msg:1556584
 5:06 pm on Feb 5, 2006 (gmt 0)

My main issue with phpBB2 is the difficulty of upgrading a heavily-modded system. With everything else - well, when I become perfect I'll start throwing stones.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Community Building and User Generated Content
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved