Forum Moderators: rogerd

Security Holes in Common Forum Software Packages Exploited

     
11:56 pm on Feb 2, 2006 (gmt 0)

Administrator from US 

WebmasterWorld Administrator brett_tabke is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 21, 1999
posts:38047
votes: 11


[eweek.com...]

Poor deployment of security patches by administrators and the growing popularity of programs like phpBB are to blame, Netcraft said.

On Jan. 30, a bulletin board run by chip maker AMD was compromised by hackers and was used to distribute malicious code.

Those who visited the site, forums.amd.com, were prompted to download a file that exploited a recently patched vulnerability in Windows code used to process WMF (Windows Meta File) format image files, according to anti-virus firm F-Secure Inc. in Helsinki.

1:06 am on Feb 3, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 18, 2003
posts:921
votes: 0


So can we buy BestBBS v3.39 to avoid these issues?

3:45 am on Feb 3, 2006 (gmt 0)

Administrator

WebmasterWorld Administrator rogerd is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 2, 2000
posts:9685
votes: 0


The article seems to imply that it was a phpBB vulnerability, but the code on the AMD forum looks like Invision?

5:40 am on Feb 3, 2006 (gmt 0)

Preferred Member

10+ Year Member

joined:Apr 24, 2003
posts:544
votes: 0


Yup, AMD is definitely using Invision board...

I wonder if they (AMD) upgraded beginning of Jan the critical update IPS put online?

cheers
viggen

1:52 pm on Feb 3, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member trillianjedi is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Apr 15, 2003
posts:7242
votes: 0


So can we buy BestBBS v3.39

I'm sure this is one of the reasons you can't buy it.

In fact, if it were my software, I wouldn't sell it for this very reason.

Part of the problem with security is having your software on someone else's PC, where, in a local setting, exploits can be more easily uncovered.

TJ

4:13 pm on Feb 3, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Dec 7, 2004
posts:660
votes: 0


trillianjedi:
I'm sure this is one of the reasons you can't buy it ... Part of the problem with security is having your software on someone else's PC

Hmm, the Microsoft defence (security by obscurity).

If the issue is purely security, then I choose phpBB2. It has been hacked that often that it is the most tested, the most secure.

4:57 pm on Feb 3, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 27, 2001
posts:2547
votes: 0



It has been hacked that often that it is the most tested, the most secure.

Because it has a history of getting hacked it's more secure?!

7:39 pm on Feb 3, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Dec 7, 2004
posts:660
votes: 0


physics:
Because it has a history of getting hacked it's more secure?!

As long as those hacks are followed by fixes, then - yes!

11:32 pm on Feb 3, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 18, 2003
posts:921
votes: 0


I think the history of repairing Internet Explorer issues shows the folly of this theory. Just because they've successfully fixed a large number of holes doesn't mean there aren't lots more to discover.

5:43 am on Feb 4, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Dec 7, 2004
posts:660
votes: 0


Yikes, strong argument on MSIE, except for just one thing: M$ code is closed and thus--unless you are the Chinese Government--you cannot read it. phpBB2 code is open and freely published.

Thus, it gets fixed, as long as attention is paid to it.

5:55 pm on Feb 4, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 27, 2001
posts:2547
votes: 0


I'd prefer an open source solution with less history of getting hacked (or hack density, i.e. hacks/number of users of the software out there), rather than more. Because something's hacked a lot doesn't mean all of the holes are closed. It might mean that the code wasn't written with security in mind in the first place.

5:06 pm on Feb 5, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Dec 7, 2004
posts:660
votes: 0


My main issue with phpBB2 is the difficulty of upgrading a heavily-modded system. With everything else - well, when I become perfect I'll start throwing stones.