http://www.bbc.co.uk/news/technology-10714192
Our own DR giving comment towards a recent vBulletin issue.
You should know that I dealt with the vulnerability within about 5 minutes of learning of it and after I did some forensic work found no evidence of it having been exploited. So nobody needs to worry, except me - I get paid to worry
Still, the nature of the exploit left me and David rather annoyed, and fearful of what could happen to other people's sites that have less secure vbulletin database setups.
So a message to all admins: always ensure your web apps have the absolute minimum of access that they need to run.


LinkBack URL
About LinkBacks
Reply With Quote


