Register Members List Search Today's Posts Mark Forums Read

Reply
 
Thread Tools
  #76  
Old 03 Aug 2014, 09:59
doctorsexy's Avatar
doctorsexy doctorsexy is offline
 
Join Date: Apr 2011
Real name: Chris
Patch friday....
__________________
http://sandstormradio.org
Reply With Quote
  #77  
Old 03 Aug 2014, 18:58
Paul M's Avatar
Paul M Paul M is offline
 
Join Date: Sep 2004
Real name: Paul M
Originally Posted by borbole View Post
Which is the case for the last 3 weeks.

This week 's.

http://www.vbulletin.com/forum/forum...-connect-5-1-2

Something such ridiculous I have seen only with vB.
Was it the case for the previous three weeks ?

Will it be the case for the next three weeks ? (I certainly hope not).

If an issue is found, its fixed and patched. Sorry you don't seem to like that.

The attachment issue is obscure at best, Its unlikely anyone would have noticed it unless they went hunting for attachment ids, but however small, it is still a potential issue, so was fixed.

Not even the free scripts have had this kind of issue with security.
I dont suppose they have the same kind of issue vB has with endless trolling either, lucky them.
__________________
Former vBulletin.org Staff Member


Cable Forum
Please do not PM me about custom work - I no longer undertake any.
Note: I will not answer support questions via e-mail or PM - please use the relevant thread or forum.
Reply With Quote
  #78  
Old 03 Aug 2014, 21:08
Zachery's Avatar
Zachery Zachery is offline
 
Join Date: Jul 2002
Real name: Zachery Woods
Originally Posted by borbole View Post
Which is the case for the last 3 weeks.

This week 's.

http://www.vbulletin.com/forum/forum...-connect-5-1-2

Something such ridiculous I have seen only with vB. Not even the free scripts have had this kind of issue with security.
Every major software vendor has security issues, how they react to them is important. When we find an issue or it gets reported to us we verify it and get it out the door ASAP.

All Major forum software has had issues, as long as humans are programing programings there will be issues. Sometimes its because of the language, sometimes its human error. But if you think other scripts are free from errors you're mistaken.
__________________
Looking for ImpEx?
Reply With Quote
  #79  
Old 03 Aug 2014, 23:51
Mark.B Mark.B is offline
 
Join Date: Feb 2004
I'd far rather my software vendor was upfront about issues of this nature, rather than hiding, denying, saying nothing, until they have no choice (assuming they admit it at all).

There are many examples of the latter. the software I used prior to vBulletin was notorious for it. Defunct now, thankfully.
__________________
MARK.B (Member of the vB Support Team)
Reply With Quote
  #80  
Old 05 Aug 2014, 11:32
borbole's Avatar
borbole borbole is offline
 
Join Date: Jan 2010
Originally Posted by Zachery View Post
Every major software vendor has security issues, how they react to them is important. When we find an issue or it gets reported to us we verify it and get it out the door ASAP.

All Major forum software has had issues, as long as humans are programing programings there will be issues. Sometimes its because of the language, sometimes its human error. But if you think other scripts are free from errors you're mistaken.
I completely agree that the majority of forum softwares have had security issues, except xenforo btw. As there has been none with it till now.

However, the thing is that none of them has had the security issues with the frequency of vb 5. One each week for the past 3 weeks. This is what I was talking about, and not why it has had security issues, but the alarming rate of them.
__________________
My mods.
Reply With Quote
  #81  
Old 05 Aug 2014, 18:58
Zachery's Avatar
Zachery Zachery is offline
 
Join Date: Jul 2002
Real name: Zachery Woods
You either are not active in those communities, or you're wearing some rose tinted glasses.

vBulletin 3, (3.0.x) had a lot of early security issues
phpbb2/3 had a HUGE swath of security issues years back
IP has had their own security issues.
Even XF has had at least one security issue in a non beta release.

Things happen, how you react to them is what is important.

I won't argue that we should take better steps to enforce better security. I know the last thing anyone of the devs want with 5 is an issue they need to work on for security. We hate the issues just as much as you do.
__________________
Looking for ImpEx?
Reply With Quote
  #82  
Old 07 Aug 2014, 03:36
ozzy47's Avatar
ozzy47 ozzy47 is offline
 
Join Date: Aug 2009
Real name: Chris
Seems WordPress and Drupal are in on the security conspiracy with vB also.

http://mashable.com/2014/08/06/wordp...ml-blowup-dos/
__________________
You can get access to my 180 mods for vB 3.6 - 4.x at The Admin Zone as well as the professional support you are used to. New vBulletin Spider Definitions, vBulletin Spiders List Hits 1000 Spiders! ​ OzzModz down. Site has had a data breach, checking how the intrusion happened. Change your PW if you use the same one on my site and others.
Reply With Quote
  #83  
Old 07 Aug 2014, 04:23
tbworld tbworld is offline
 
Join Date: Oct 2008
Originally Posted by ozzy47 View Post
Seems WordPress and Drupal are in on the security conspiracy with vB also.

http://mashable.com/2014/08/06/wordp...ml-blowup-dos/
They do like their conspiracies over there.
Reply With Quote
  #84  
Old 12 Aug 2014, 19:36
Paul M's Avatar
Paul M Paul M is offline
 
Join Date: Sep 2004
Real name: Paul M
Originally Posted by borbole View Post
I completely agree that the majority of forum softwares have had security issues, except xenforo btw. As there has been none with it till now.
http://xenforo.com/community/threads...ity-fix.80629/
http://xenforo.com/community/threads...ity-fix.80630/
__________________
Former vBulletin.org Staff Member


Cable Forum
Please do not PM me about custom work - I no longer undertake any.
Note: I will not answer support questions via e-mail or PM - please use the relevant thread or forum.
Reply With Quote
  #85  
Old 15 Aug 2014, 07:56
Tigga's Avatar
Tigga Tigga is offline
 
Join Date: Dec 2001
Real name: Brian
I must be missing your point... borbole said "until now", meaning they finally had one. Your two links point to the same issue, just fixed in two different versions. It's pretty minor anyway considering the fact that you have to be an admin in the first place to exploit them (or already be trusting 3rd party RSS feeds), unlike recent vB issues.
__________________
Brian Gunter
vBadvanced
Reply With Quote
  #86  
Old 09 Feb 2015, 00:00
Mark.B Mark.B is offline
 
Join Date: Feb 2004
Originally Posted by ajana View Post
am new here some people direct me on what to do
Do you have a vBulletin license? Or are intending to buy one?
If not, this site will not be of any use to you.
__________________
MARK.B (Member of the vB Support Team)
Reply With Quote
  #87  
Old 09 Feb 2015, 00:36
Brandon Sheley's Avatar
Brandon Sheley Brandon Sheley is offline
 
Join Date: Mar 2005
Real name: Brandon
Originally Posted by ajana View Post
am new here some people direct me on what to do
Well you've successfully found out how to bump a year old thread..lol

Off to a great start
__________________

Email me for website help: brandon[at]sheley[dot]org
Reply With Quote
Reply



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 17:10.

Layout Options | Width: Wide Color: