Announcement

Collapse
No announcement yet.

Another forum gets hit and has user data compromised

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Another forum gets hit and has user data compromised

    vBulletin.org

    Received an email notice this evening containing this statement.
    We take your security and privacy very seriously. Very recently, our security team discovered sophisticated attacks on our network, involving the illegal access of forum user information, possibly including your password. Our investigation currently indicates that the attackers accessed customer IDs and encrypted passwords on our systems. We have taken the precaution of resetting your account password. We apologize for any inconvenience this has caused but felt that it was necessary to help protect you and your account.
    This is the second time that vBulletin.org has notified me of user data breaches. They (vBulletin.org) are not on a secure (SSL) service.

    Having moved Kubuntu Forums . Net on to a secure (SSL) service seems even more fortuitous!
    Last edited by Snowhog; Nov 17, 2013, 01:24 AM.
    Windows no longer obstructs my view.
    Using Kubuntu Linux since March 23, 2007.
    "It is a capital mistake to theorize before one has data." - Sherlock Holmes

    #2
    Big Thanks to the entire staff for keeping my password and info safe Snowhog. Although I use a unique password for all the various places I visit online, you never know what may be achieved by a forum attack. I never bought into those universal passwords offered by my browser. I keep all my passwords safely encoded on a completely different computer not even connected to the internet.... I am so paranoid. But paranoia is a good thing when it comes to personal security.

    Comment


      #3
      Which account are they talking about exactly, and what is it used for?

      If you (the amin team) want to make changes to KFN, do you log in to KFN directly, or through VBulletin?
      samhobbs.co.uk

      Comment


        #4
        Originally posted by Feathers McGraw View Post
        Which account are they talking about exactly, and what is it used for?

        If you (the amin team) want to make changes to KFN, do you log in to KFN directly, or through VBulletin?
        All that is explained in the VBulletin documentation. Basically, there are links visible to those with admin status, according to the level of their status. Changes to VBulletin itself requires a shell access which only a few (1 ?) admins have.
        "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
        – John F. Kennedy, February 26, 1962.

        Comment


          #5
          vBulletin is the forum software we (KFN) use. Nothing about KFN or what we do in it is on vbulletin.org. When FKN's Administrators 'do their thing' -- managing our forum -- we log in from where ever we are to the AdminCP (Control Panel).

          I made the OP partly to illustrate that another large forum (remember Ubuntuforums?) had become compromised because of lax administrative control. Both forums (Ubuntuforums and vBulletin.org) were/are unsecure, not using SSL.

          Here at KFN, we learn from the mistakes of others so that we don't have to fall prey to the unfortunate consequences.
          Windows no longer obstructs my view.
          Using Kubuntu Linux since March 23, 2007.
          "It is a capital mistake to theorize before one has data." - Sherlock Holmes

          Comment


            #6
            The prior siduction forum was on zikula, and last year it suddenly turned into a spam magnet -- hundreds of phony users registered and dumped their spam loads. So several of us spent many hours scrubbing the user list, then the dev team gave a serious look at using joomla, but in they end they combined Tiny Portal and SMF (don't ask -- it's all way over my head). It's been up for a couple of weeks now and most of the wrinkles are ironed out.

            Comment


              #7
              Yep, I realise vBulletin is the forum software. I thought you meant you'd received an email about a vBulletin account owned by KFN (in your capacity as an administrator).

              My bad!

              I'm glad we're now using SSL, I actually raised a question about it when I realised we weren't, having just read about the Ubuntuforums breach... someone could do a lot of damage with just one captured admin password!

              Feathers
              samhobbs.co.uk

              Comment


                #8
                macrumours was recently compromised too

                Sent from my XT901 using Tapatalk
                Registered Linux User 545823

                Comment


                  #9
                  Originally posted by Teunis
                  Just a guess but I assume someone with the security stature and travelling habits of Steve Riley would have used some proxy to log in to his admin account?
                  After all, especially on the networks at venues where security pro's gather you are never alone.
                  Connecting one's laptop to the public network at a security conference can indeed be a dicey proposition! I am quite cautious about this.

                  Originally posted by Snowhog View Post
                  I made the OP partly to illustrate that another large forum (remember Ubuntuforums?) had become compromised because of lax administrative control.
                  Most attacks succeed because of poor management practices, not actual vulnerabilities in the software.

                  Originally posted by Feathers McGraw View Post
                  I'm glad we're now using SSL, I actually raised a question about it when I realised we weren't, having just read about the Ubuntuforums breach... someone could do a lot of damage with just one captured admin password!
                  SSL protects information in transit. It would not have prevented the attack at Ubuntu forums, which ultimately boiled down to long-forgotten admin credentials.

                  Comment

                  Working...
                  X