Register Members List Search Today's Posts Mark Forums Read

Reply
 
Thread Tools
  #31  
Old 30 Aug 2011, 11:11
BirdOPrey5's Avatar
BirdOPrey5 BirdOPrey5 is offline
 
Join Date: Jun 2008
Real name: Joe D.
Again, the best thing people can do is to follow all precautions mentioned in the email:

1) Disable the mod (via vBulletin Product Manager)
2) Rename or remove all uploaded files (mod files, not games, but the files that originally came with the mod to upload)

This is all the information you need at this time.

What I will confirm is the author has made contact and I believe this will get resolved. I will give no time estimate- maybe today, maybe tomorrow, maybe next week/month I don't know. We all hope sooner than later of course.
__________________
-Joe (@BirdOPrey5) Former Moderator. Fighting for a free & independent vb.org.
BirdOPrey5.com - Exclusive VB Mods! (Formerly Qapla.com) | Joe's Ultimate Off Topic
Note - I do not read my PMs often, do not expect quick replies.
Reply With Quote
  #32  
Old 30 Aug 2011, 11:32
JacquiiDesigns's Avatar
JacquiiDesigns JacquiiDesigns is offline
 
Join Date: Dec 2008
Location: Tennessee
Real name: Jacquii Cooke
Originally Posted by BirdOPrey5 View Post
Again, the best thing people can do is to follow all precautions mentioned in the email:

1) Disable the mod (via vBulletin Product Manager)
2) Rename or remove all uploaded files (mod files, not games, but the files that originally came with the mod to upload)

This is all the information you need at this time.

What I will confirm is the author has made contact and I believe this will get resolved. I will give no time estimate- maybe today, maybe tomorrow, maybe next week/month I don't know. We all hope sooner than later of course.
Thanks for the update, though I'm sure we could debate rather robustly on the concept of need :P -- and yet another point of contention: some may not even know what files to even rename/remove because the archive is no longer downloadable here at the .org

IDK - I just think there has to be a better way to handle quarantined/graveyarded mods....

</drama-queen-ism>
__________________
Call For Submissions. Come share your poetry & writing at JPiC Forum.
JPiC Forum For Writers | Celebrating Diversity With The Typed Word
Reply With Quote
  #33  
Old 30 Aug 2011, 13:35
nighteyes nighteyes is offline
 
Join Date: Oct 2001
Originally Posted by Adrian Schneider View Post
Wow guys. Any administration, developer, etc. worth a grain of salt will not give out (even potential) security vulnerabilities to harm their members. For those who are curious, you can find out by looking at the patch once it comes out or try finding it yourself prior.
Most of the users saying we are drama queens with our suggestions haven't even comprehended the point we are making. Nobody is asking them to disclose the precise security vulnerabilities. We only wanted to know the mod was pulled for security reasons. EXACTLY the information they did finally disclose in this thread. In the past, modifications have been quarantined for a variety of reasons including copyright infringement and violating Jelsoft's terms. Is it reasonable for us to have to guess why they have pulled a modification from the site?

As my earlier message demonstrated, they used to tell us when a product was pulled because it was vulnerable to exploit. Why can't they continue to do this? All we're asking for is the information they went ahead and confirmed in this thread anyway.

I'm also aware it's a thankless task volunteering to staff a forum. I'm sure there's a good chance those we've been venting at had nothing to do with whatever policies were implemented to change the way these quarantine notifications are sent out.
Reply With Quote
  #34  
Old 30 Aug 2011, 14:40
Hippy's Avatar
Hippy Hippy is offline
 
Join Date: Dec 2001
MrZeropage came through with a fix and a new version..
once again thanks MrZeropage
Reply With Quote
  #35  
Old 30 Aug 2011, 16:46
garyb12001 garyb12001 is offline
 
Join Date: Jun 2010
Originally Posted by Hippy View Post
MrZeropage came through with a fix and a new version..
once again thanks MrZeropage
Agreed. Thanks for the quick resolution!
Reply With Quote
  #36  
Old 30 Aug 2011, 17:24
Biker_GA Biker_GA is offline
 
Join Date: Oct 2004
Originally Posted by BirdOPrey5 View Post
Again, the best thing people can do is to follow all precautions mentioned in the email:

1) Disable the mod (via vBulletin Product Manager)
2) Rename or remove all uploaded files (mod files, not games, but the files that originally came with the mod to upload)

This is all the information you need at this time.

What I will confirm is the author has made contact and I believe this will get resolved. I will give no time estimate- maybe today, maybe tomorrow, maybe next week/month I don't know. We all hope sooner than later of course.
No. You completely missed the point.

What we're saying is the email was totally worthless from an Administrative standpoint. It told me nothing other than the modification was quarantined. I could care less about the details of an exploit, but that email should have stated there was a security issue to lend credence to the notification.

We're not complaining about the lack of information about the exploit itself. We're complaining about the lack of information period. We should have been told WHY the modification was quarantined. This doesn't mean you have to go into the details of the exploit, but as an administrator, I can't make informed decisions on how my site is run when I get a half baked email like I received.
Reply With Quote
  #37  
Old 30 Aug 2011, 17:47
BirdOPrey5's Avatar
BirdOPrey5 BirdOPrey5 is offline
 
Join Date: Jun 2008
Real name: Joe D.
Originally Posted by Biker_GA View Post
No. You completely missed the point.

What we're saying is the email was totally worthless from an Administrative standpoint. It told me nothing other than the modification was quarantined. I could care less about the details of an exploit, but that email should have stated there was a security issue to lend credence to the notification.

We're not complaining about the lack of information about the exploit itself. We're complaining about the lack of information period. We should have been told WHY the modification was quarantined. This doesn't mean you have to go into the details of the exploit, but as an administrator, I can't make informed decisions on how my site is run when I get a half baked email like I received.
Quite frankly you don't need to know why you just need to know it has been.

If I confirm it is a security exploit then you will have nefarious people scan the code line by line looking for the exploit to take advantage of it. If they miss it the first time, they will keep looking because they *know* for sure it is there.

But if I don't confirm it's a security exploit they may look through the code and not see it the first time, or the second time, and give up and assume it wasn't a security issue at all- which is possible.

That is why I will never confirm it was or was not a security issue/exploit- but if I was a user of the mod I would ALWAYS assume it's an exploit and follow the recommended procedure.
__________________
-Joe (@BirdOPrey5) Former Moderator. Fighting for a free & independent vb.org.
BirdOPrey5.com - Exclusive VB Mods! (Formerly Qapla.com) | Joe's Ultimate Off Topic
Note - I do not read my PMs often, do not expect quick replies.
Reply With Quote
  #38  
Old 30 Aug 2011, 17:58
borbole's Avatar
borbole borbole is offline
 
Join Date: Jan 2010
I agree with the staff that the exploits should not be posted in the public. Otherwise every script kiddie/wanna be hacker will try out those exploits in every forum that they can running the arcade. We have seen this thing happen all the time in cases like this.

We all should be grateful to the vb staff here who look out for us by letting us know anytime a security issue has been discovered with any of the mods here and takes precautions immediately that no other users will put their forums at risk by installing and using something not secure. At least that is how I see it.
__________________
My mods.
Reply With Quote
  #39  
Old 30 Aug 2011, 20:25
MrZeropage's Avatar
MrZeropage MrZeropage is offline
 
Join Date: Nov 2003
Real name: Marcel
Yes, security-problems should not be made public, just to the developer himself to make sure he can provide a quick fix.

That's how it works well here on vb.org - I can a message telling the details, checked it and could fix it in time, and that's what the community needs. Otherwise there would fly around some usermade hotfixes, some ideas ect which do not help having a stable product with support and development, as modified trees could get out of this ect.


Everything is fine now, everybody just upgrade to v2.7.1+
__________________
Get the most installed modification for your vBulletin (more than 8400 installations and 144.000 downloads!):
ibProArcade 2.7.3+ download here | Click here to enter the ibProArcade-Support-Section
Reply With Quote
  #40  
Old 30 Aug 2011, 23:06
AuroraStorm's Avatar
AuroraStorm AuroraStorm is offline
 
Join Date: Nov 2006
Um, the last time I tried to update this on my sister board, I couldn't get it to work, which is why I didn't update it on my board...

I'll try it and see...thanks for coming through, Zeropage. This is one of the best, if not THE best mods around...
Reply With Quote
  #41  
Old 31 Aug 2011, 08:03
MrZeropage's Avatar
MrZeropage MrZeropage is offline
 
Join Date: Nov 2003
Real name: Marcel
if you fail, contact me
__________________
Get the most installed modification for your vBulletin (more than 8400 installations and 144.000 downloads!):
ibProArcade 2.7.3+ download here | Click here to enter the ibProArcade-Support-Section
Reply With Quote
  #42  
Old 01 Sep 2011, 23:21
AuroraStorm's Avatar
AuroraStorm AuroraStorm is offline
 
Join Date: Nov 2006
It went fine but I have a few games that aren't saving but I see Hippy has a solution. I have members playing the games and will let me know if this is a wide spreading problem. If it is, I'll utilize the fix...

Thanks! You're such a sweetheart...
Reply With Quote
  #43  
Old 01 Sep 2011, 23:33
Hippy's Avatar
Hippy Hippy is offline
 
Join Date: Dec 2001
I have found some games don't save scores..
so if its just a few of them kill them and find new ones to add..

if they are all not saving apply the fix..

enjoy
Reply With Quote
Reply



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


New To Site? Need Help?

All times are GMT. The time now is 09:13.

Layout Options | Width: Wide Color: