
Forum Moderators: rogerd


Security Holes in Common Forum Software Packages Exploited

   
11:56 pm on Feb 2, 2006 (gmt 0)

WebmasterWorld Administrator brett_tabke is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



[eweek.com...]

Poor deployment of security patches by administrators and the growing popularity of programs like phpBB are to blame, Netcraft said.

On Jan. 30, a bulletin board run by chip maker AMD was compromised by hackers and was used to distribute malicious code.

Those who visited the site, forums.amd.com, were prompted to download a file that exploited a recently patched vulnerability in Windows code used to process WMF (Windows Meta File) format image files, according to anti-virus firm F-Secure Inc. in Helsinki.

1:06 am on Feb 3, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



So can we buy BestBBS v3.39 to avoid these issues?

3:45 am on Feb 3, 2006 (gmt 0)

WebmasterWorld Administrator rogerd is a WebmasterWorld Top Contributor of All Time 10+ Year Member



The article seems to imply that it was a phpBB vulnerability, but the code on the AMD forum looks like Invision?

5:40 am on Feb 3, 2006 (gmt 0)

10+ Year Member



yup, AMD is definitely using Invision board...

I wonder if they (AMD) upgraded at the beginning of Jan with the critical update IPS put online?

cheers
viggen

1:52 pm on Feb 3, 2006 (gmt 0)

WebmasterWorld Senior Member trillianjedi is a WebmasterWorld Top Contributor of All Time 10+ Year Member



So can we buy BestBBS v3.39

I'm sure this is one of the reasons you can't buy it.

In fact, if it were my software, I wouldn't sell it for this very reason.

Part of the problem with security is having your software on someone else's PC, where, in a local setting, exploits can be more easily uncovered.

TJ

4:13 pm on Feb 3, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



trillianjedi:
I'm sure this is one of the reasons you can't buy it ... Part of the problem with security is having your software on someone else's PC

Hmm, the Microsoft defence (security by obscurity).

If the issue is purely security, then I choose phpBB2. It has been hacked that often that it is the most tested, the most secure.

4:57 pm on Feb 3, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member




It has been hacked that often that it is the most tested, the most secure.

Because it has a history of getting hacked it's more secure?!

7:39 pm on Feb 3, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



physics:
Because it has a history of getting hacked it's more secure?!

As long as those hacks are followed by fixes, then - yes!

11:32 pm on Feb 3, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I think the history of repairing Internet Explorer issues shows the folly of this theory. Just because they've successfully fixed a large number of holes doesn't mean there aren't lots more to discover.

5:43 am on Feb 4, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Yikes, strong argument on MSIE, except for just one thing: M$ code is closed and thus--unless you are the Chinese Government--you cannot read it. phpBB2 code is open and freely published.

Thus, it gets fixed, as long as attention is paid to it.

5:55 pm on Feb 4, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I'd prefer an open source solution with less history of getting hacked (or hack density, i.e. hacks/number of users of the software out there), rather than more. Because something's hacked a lot doesn't mean all of the holes are closed. It might mean that the code wasn't written with security in mind in the first place.

5:06 pm on Feb 5, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



My main issue with phpBB2 is the difficulty of upgrading a heavily-modded system. With everything else - well, when I become perfect I'll start throwing stones.