Paul, you need to patch the forum

FiReSTaRT

Well-known member
Site Supporter
Just wanted to report the following:

vBulletin password hack fuels fears of serious Internet-wide 0-day attacks
Developers of the vBulletin software package for website forums released a security patch Monday night, just hours after reports surfaced that a hack on the developers' site leaked password data and other sensitive information belonging to almost 480,000 subscribers.

vBulletin officials have put in place a mandatory password reset for all users after discovering it was subjected to a hack attack. They went on to warn that the attacker "may have accessed customer IDs and encrypted passwords on our system." A separate post on the vBulletin site makes reference to a security patch for versions 5.1.4 through 5.1.9 of the vBulletin Connect software package.

Noticeably missing from either link is an explicit warning that there is a critical vulnerability in vBulletin that has already been actively exploited and puts thousands of sites at risk until they install the patch. Ars asked vBulletin officials to clarify the reports and to confirm or deny the speculation they have generated, but so far the request has gone unanswered. This post contains inferences and information from alternative sources that has yet to be explicitly confirmed.

Enter Coldzer0

Over the weekend, a person going by the handle Coldzer0 took to various social media and Web forums, including this discussion group, to claim he breached the vBulletin.com website and obtained personal information belonging to 479,895 users. As proof, Coldzer0 provided the screen shot at the top of this post. Coldzer0 also posted a video to YouTube and additional data to a Facebook page, but those items have since been taken down. Coldzer0 also claimed to use the same vulnerability to compromise forums for Foxit Software. At time of writing, those forums were unavailable.

On top of that, on late Tuesday, someone posted an analysis of a purported three-year-old bug that gives hackers the ability to remotely execute code in sites running vBulletin. "Welp, since it's fixed now anyway - a more than 3 years old vBulletin 5 PreAuth RCE," the person posting the writeup wrote on Twitter.

Piecing everything together, it's hard to escape the inference that the vBulletin software contained a zero-day vulnerability that allowed hackers in the wild to gain almost complete control over websites that used the forum app. If so, administrators for any site that uses vBulletin should drop whatever they're doing and immediately install Monday's patch. It also appears that people with accounts on both vBulletin.com and foxitsoftware.com should be explicitly warned that their data has been exposed and that they should change credentials on any other sites that used the same or a similar password. Already, some sites that rely on vBulletin, including the heavily targeted Defcon.org, have suspended user forums until the uncertainty is cleared up. Similar fears over vBulletin security surfaced two years ago.
http://arstechnica.com/security/201...fears-of-serious-internet-wide-0-day-attacks/
 
@firestart so what does this mean to an idiot like myself? Change my password?

Sent from a Samsung Galaxy far, far away using Tapatalk
 
It means that changing your password doesn't matter until the board is patched, because they might be able to grab it anytime they want.
 
It means that changing your password doesn't matter until the board is patched, because they might be able to grab it anytime they want.
Ok, I will wait until I see notification of a patch. Thanks.

Sent from a Samsung Galaxy far, far away using Tapatalk
 
That's why it's crucial not to reuse passwords. Use a password wallet like KeePass so you only have to remember one and use the program to generate/store the rest of them for you.
 
DO NOT use the same password here and on any other sites or systems. Nobody really wants this site, but they'll try the password you use here with your username or email on other sites that they can monetize.
 
Saw this mentioned yesterday but didn't put two and two together
 
use "password" as your password everywhere, no issues to worry about
 
Saw this mentioned yesterday but didn't put two and two together
Coming up with the answer 4 will not help you in this situation. I'm no longer sure if I can trust any of your tech advice.
Someone mentioned a password keeper. Is that accessible over multiple devices and platforms?

Sent from a Samsung Galaxy far, far away using Tapatalk
 

use "password" as your password everywhere, no issues to worry about
Thanks a bunch guys. I just went and changed all my passwords to "PasswordHunter2". Now I have to change them again. ?

Sent from a Samsung Galaxy far, far away using Tapatalk
 
Coming up with the answer 4 will not help you in this situation. I'm no longer sure if I can trust any of your tech advice.
Someone mentioned a password keeper. Is that accessible over multiple devices and platforms?

Sent from a Samsung Galaxy far, far away using Tapatalk

Yup. Dashlane and LastPass are two big ones
 
Yup. Dashlane and LastPass are two big ones

Isn't LastPass a service so your passwords are in a cloud? Bad idea..

KeePass keeps the information local, but I can access the database with my Linux computer, Android phone and my wife's Windows computer, and you can also install the KeePass software on a Mac or an iPhone.
 
Isn't LastPass a service so your passwords are in a cloud? Bad idea..

KeePass keeps the information local, but I can access the database with my Linux computer, Android phone and my wife's Windows computer, and you can also install the KeePass software on a Mac or an iPhone.

In theory the password stores are encrypted locally so they would be useless to anyone else anyway. You could safely use them as a forum signature if you wanted.

There are real potential risks if the developers of a password manager do not cleanly handle the use of the master password, of course.
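
The two replies above make a concrete, testable claim: a vault that is encrypted locally with a key derived from the master password is useless to anyone who steals the file, provided the software handles that master password properly (slow key stretching, a per-vault salt, and integrity checking so a wrong password or a tampered file is rejected rather than decrypted into garbage). The block below is an added example written for this thread; it is not code from KeePass, LastPass, Dashlane or the forum, and its cipher (an HMAC-SHA256 counter-mode keystream plus an HMAC tag) is a stdlib-only illustration, not the KDBX file format KeePass actually uses. The PBKDF2 iteration count, salt and nonce sizes, the master password and the two sample entries are all assumptions constructed for the demo.

```python
from __future__ import annotations

import hashlib
import hmac
import json
import os
import secrets
import string

# Constructed example: a minimal local password vault in the spirit of what the
# thread describes (master password -> stretched key -> encrypted file).
# Standard library only. The cipher below is an HMAC-SHA256 keystream with an
# HMAC tag, NOT the KDBX format used by KeePass; the parameters are assumptions.
PBKDF2_ITERATIONS = 600_000   # assumed cost: each offline guess costs this much work
SALT_LEN = 16
NONCE_LEN = 16
TAG_LEN = 32


def derive_keys(master_password: str, salt: bytes) -> tuple[bytes, bytes]:
    """Stretch the master password with PBKDF2-HMAC-SHA256 and split the
    64-byte result into an encryption key and a MAC key. The random salt
    defeats precomputed tables; the iteration count slows every guess."""
    material = hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, PBKDF2_ITERATIONS, dklen=64
    )
    return material[:32], material[32:]


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (illustrative stream cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), "sha256").digest()
        counter += 1
    return bytes(out[:length])


def seal_vault(master_password: str, entries: dict[str, dict[str, str]]) -> bytes:
    """Encrypt the vault. Output layout: salt || nonce || ciphertext || tag."""
    salt = os.urandom(SALT_LEN)
    nonce = os.urandom(NONCE_LEN)
    enc_key, mac_key = derive_keys(master_password, salt)
    plaintext = json.dumps(entries).encode("utf-8")
    stream = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(mac_key, salt + nonce + ciphertext, "sha256").digest()
    return salt + nonce + ciphertext + tag


def open_vault(master_password: str, blob: bytes) -> dict[str, dict[str, str]]:
    """Verify the tag before touching the ciphertext. A wrong master password
    and a tampered file both fail here, with the same error, instead of
    yielding garbage that looks like a decryption."""
    salt = blob[:SALT_LEN]
    nonce = blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    ciphertext = blob[SALT_LEN + NONCE_LEN:-TAG_LEN]
    tag = blob[-TAG_LEN:]
    enc_key, mac_key = derive_keys(master_password, salt)
    expected = hmac.new(mac_key, salt + nonce + ciphertext, "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad master password or corrupted vault")
    stream = _keystream(enc_key, nonce, len(ciphertext))
    plaintext = bytes(a ^ b for a, b in zip(ciphertext, stream))
    return json.loads(plaintext.decode("utf-8"))


def generate_password(length: int = 24) -> str:
    """Random per-site password, so one site's leak yields nothing reusable."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


def demo() -> tuple[bool, bool, bool]:
    """Returns (round_trip_ok, wrong_master_rejected, plaintext_absent_from_blob)."""
    master = "correct horse battery staple"   # constructed master password
    entries = {                                # constructed sample entries
        "forum.example": {"user": "firestart", "password": generate_password()},
        "mail.example": {"user": "firestart", "password": generate_password()},
    }
    blob = seal_vault(master, entries)
    round_trip_ok = open_vault(master, blob) == entries
    try:
        open_vault("wrong master", blob)
        wrong_rejected = False
    except ValueError:
        wrong_rejected = True
    absent = entries["forum.example"]["password"].encode("utf-8") not in blob
    return round_trip_ok, wrong_rejected, absent


if __name__ == "__main__":
    print(demo())
```

The part that matters for the "cleanly handle the master password" caveat is derive_keys and the tag check in open_vault: if a manager used a fast unsalted hash instead of a stretched, salted derivation, or decrypted without verifying integrity, a stolen vault file would be far cheaper to brute-force offline and would give the attacker no clear signal of a wrong guess. With those two pieces in place, the blob on disk is only as weak as the master password itself.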
 
 
@firestart @TwistedKestrel thanks for the replies.
Another question -- this applies to the .com only or also to the Tapatalk?

Sent from a Samsung Galaxy far, far away using Tapatalk
 
@firestart @TwistedKestrel thanks for the replies.
Another question -- this applies to the .com only or also to the Tapatalk?

Sent from a Samsung Galaxy far, far away using Tapatalk

I'm not very technical, but last night I couldn't access GTAM through tapatalk or web.
 