
Thread: HEXUS on the BBC

  1. #1
    HEXUS webmaster Steve's Avatar

    HEXUS on the BBC

    http://www.bbc.co.uk/news/technology-10714192

    Our own DR giving comment towards a recent vBulletin issue.

    You should know that I dealt with the vulnerability within about 5 minutes of learning of it and, after I did some forensic work, found no evidence of it having been exploited. So nobody needs to worry, except me - I get paid to worry.

    Still, the nature of the exploit left me and David rather annoyed, and fearful of what could happen to other people's sites that have less secure vBulletin database setups.

    So a message to all admins: always ensure your web apps have the absolute minimum of access that they need to run.

  3. #2
    Almost Ex-HEXUS Staff Jonatron's Avatar

    Steve, I was about to link you to the article but you're clearly way ahead of me.

  4. #3
    Oh Crumbs.... Biscuit's Avatar

    Holy crap!

    One of the gaming forums I frequent has been hit by hackers recently, I hope they haven't got anything from it!

  5. #4
    Formerly known as Andehh Andeh13's Avatar

    We're all almost famous through DR!

  6. #5
    handscombmp
    Guest


    I was going to come on here and say are we safe but looks like Steve is such a great admin that he's already fixed it.

  7. #6
    Registered+

    It always amazes me how many web servers run misconfigured, outdated and vulnerable versions of software and scripts. I guess for people who do these things as a hobby it's pretty easy to miss updates, but for companies who actually pay people to look after this stuff, there should be no excuse.

    Nice to know we're safe here

    q

  8. #7
    HEXUS webmaster Steve's Avatar
    Join Date
    Nov 2003
    Posts
    14,276
    Thanks
    292
    Thanked
    837 times in 473 posts

    Re: HEXUS on the BBC

    Originally posted by qbie:
    "It always amazes me how many web servers run misconfigured, outdated and vulnerable versions of software and scripts. I guess for people who do these things as a hobby it's pretty easy to miss updates, but for companies who actually pay people to look after this stuff, there should be no excuse."

    No system is perfect and AFAIK Scarlett Johansson isn't a server administrator, so there are no perfect admins either.

    I recall Steve Ballmer (not sure if he was quoting somebody else) recently said something along the lines of "The bad guys only have to be right once; the good guys have to be right all the time" and it is of course true.

    Add into the mix that busy sysadmins rarely have time to stop and take in the lay of the land, it's easy for something to be overlooked. Still, you can try your best and employ some common sense security practices and that reduces the potential damage that can be done.

    Also, it helps if your software providers don't write completely unnecessary debug code, then leave it in a production release. What a rookie mistake. There, I said it.

  9. #8
    Senior Member

    The BBC was alerted to the problem by Stuart Wright of audio visual reviews site AV forums, which uses the software for its discussion boards, before the patch was released.

    "It is very worrying that they are releasing a product which has such a horrendous flaw," Mr Wright told BBC News.

    "I'm really not happy - we rely on this software for our business."

    AV Forums has around 300,000 members. It was not using the version with the flaw.

    So Stuart Wright of AV forums was moaning about something that doesn't even affect him, yes it's bad but, if he doesn't use the version with the flaw, what's his problem?
    Can we say free publicity for his site?

  10. #9
    HEXUS webmaster Steve's Avatar

    Maybe Jonathan Fildes is an acquaintance of his?

    But it's fair to say AV Forums is a pretty big vB forum, and could very easily have fallen foul of the bug.

  11. #10
    Butter king GheeTsar's Avatar

    So....any increase in traffic after the article?

  12. #11
    Banhammer in peace PeterB kalniel's Avatar

    Well done Steve. Several other forums I visit have already been hacked as a result of this exploit, so vBulletin's email doesn't appear to have been very effective.

  13. #12
    ALT0153™ Rob_B's Avatar

    I don't know about anyone else but that stock image on the article made me very scared of hackers

  14. #13
    HEXUS webmaster Steve's Avatar

    Really? Provably as a direct result of this particular exploit? If you could PM me the sites that have been affected I'd be interested to take a look.

  15. #14
    Banhammer in peace PeterB kalniel's Avatar

    Originally posted by Steve:
    "Really? Provably as a direct result of this particular exploit? If you could PM me the sites that have been affected I'd be interested to take a look."

    PM sent

  16. #15
    Senior Member usxhe190's Avatar

    Originally posted by [GSV]Trig:
    "So Stuart Wright of AV forums was moaning about something that doesn't even affect him, yes it's bad but, if he doesn't use the version with the flaw, what's his problem?
    Can we say free publicity for his site?"

    Maybe but then AV forums is THE forum for AV things and so not sure if they need the free publicity though

  17. #16
    Senior[ish] Member Singh400's Avatar

    Yeah, saw this over @AVF yesterday. Both sites mentioned
