homepage Welcome to WebmasterWorld Guest from 54.211.34.105
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / WebmasterWorld / Community Building and User Generated Content
Forum Library, Charter, Moderators: rogerd

Community Building and User Generated Content Forum

    
Security Holes in Common Forum Software Packages Exploited
Brett_Tabke

WebmasterWorld Administrator brett_tabke us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 740 posted 11:56 pm on Feb 2, 2006 (gmt 0)

[eweek.com...]

Poor deployment of security patches by administrators and the growing popularity of programs like phpBB are to blame, Netcraft said.

On Jan. 30, a bulletin board run by chip maker AMD was compromised by hackers and was used to distribute malicious code.

Those who visited the site, forums.amd.com, were prompted to download a file that exploited a recently patched vulnerability in Windows code used to process WMF (Windows Meta File) format image files, according to anti-virus firm F-Secure Inc. in Helsinki.


 

treeline

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 740 posted 1:06 am on Feb 3, 2006 (gmt 0)

So can we buy BestBBS v3.39 to avoid these issues?

rogerd

WebmasterWorld Administrator rogerd us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 740 posted 3:45 am on Feb 3, 2006 (gmt 0)

The article seems to imply that it was a phpBB vulnerability, but the code on the AMD forum looks like Invision?

viggen

10+ Year Member



 
Msg#: 740 posted 5:40 am on Feb 3, 2006 (gmt 0)

yup, AMD is defenitely using invision board...

I wonder if they (AMD) upgraded beginning of Jan the critical update IPS put online?

cheers
viggen

trillianjedi

WebmasterWorld Senior Member trillianjedi us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 740 posted 1:52 pm on Feb 3, 2006 (gmt 0)

So can we buy BestBBS v3.39

I'm sure this is one of the reasons you can't buy it.

In fact, if it were my software, I wouldn't sell it for this very reason.

Part of the problem with security is having your software on someone elses PC, where, in a local setting, exploits can be more easily uncovered.

TJ

AlexK

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 740 posted 4:13 pm on Feb 3, 2006 (gmt 0)

trillianjedi:
I'm sure this is one of the reasons you can't buy it ... Part of the problem with security is having your software on someone elses PC

Hmm, the Microsoft defence (security by obscurity).

If the issue is purely security, then I choose phpBB2. It has been hacked that often that it is the most tested, the most secure.

physics

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 740 posted 4:57 pm on Feb 3, 2006 (gmt 0)


It has been hacked that often that it is the most tested, the most secure.

Because it has a history of gettting hacked it's more secure?!

AlexK

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 740 posted 7:39 pm on Feb 3, 2006 (gmt 0)

physics:
Because it has a history of gettting hacked it's more secure?!

As long as those hacks are followed by fixes, then - yes!

treeline

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 740 posted 11:32 pm on Feb 3, 2006 (gmt 0)

I think the history of repairing Internet Explorer issues shows the folly of this theory. Just because they've successfully fixed a large number of holes doesn't mean there aren't lots more to discover.

AlexK

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 740 posted 5:43 am on Feb 4, 2006 (gmt 0)

Yikes, strong argument on MSIE, except for just one thing: M$ code is closed and thus--unless you are the Chinese Government--you cannot read it. phpBB2 code is open and freely published.

Thus, it gets fixed, as long as attention is paid to it.

physics

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 740 posted 5:55 pm on Feb 4, 2006 (gmt 0)

I'd prefer an open source solution with less history of getting hacked (or hack density, i.e. hacks/number of users of the software out there), rather than more. Because somethings hacked a lot doesn't mean all of the holes are closed. It might mean that the code wasn't written with security in mind in the first place.

AlexK

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 740 posted 5:06 pm on Feb 5, 2006 (gmt 0)

My main issue with phpBB2 is the difficulty of upgrading a heavily-modded system. With everything else - well, when I become perfect I'll start throwing stones.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Community Building and User Generated Content
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved