The Asian Commercial Sex Scene  

16-10-2013, 02:10 AM
Sammyboy RSS Feed
35,000 Websites Hacked Using Vulnerability in vBulletin Forum Software

An honorable member of the Coffee Shop Has Just Posted the Following:


35,000 Websites Hacked Using Vulnerability in vBulletin Forum Software

By DAVID GILBERT October 15, 2013 1:19 PM BST

Despite warnings from the company behind vBulletin, tens of thousands of websites using the software have been hacked.




More than 35,000 websites using the vBulletin CMS software have been hacked according to security firm Imperva (Reuters)

vBulletin is the fourth most popular content management system (CMS) on the internet with over 100,000 websites powered by its software, but a weakness in its security has seen hackers exploit tens of thousands of these websites using easily available and automated exploit tools to add administrator accounts to the affected sites.

In late August Internet Brands, the company behind vBulletin, issued a warning to all customers running versions 4.x and 5.x of its software that they needed to remove two directories ("/install" and "/core/install") on sites using the system or they would leave themselves open to an unspecified attack.

It seems that many customers didn't listen, and security company Imperva has revealed that over 35,000 websites running vBulletin have been hacked using this vulnerability. EA, Zynga, Sony and Steam are all listed as vBulletin customers on the company's website.

Root cause

While Internet Brands didn't specify the root cause of the vulnerability, Imperva was able to determine how attacks breached the websites' security.

The security flaw "allows an attacker to abuse the vBulletin configuration mechanism in order to create a secondary administrative account."

Once the hacker creates the account, they will have full control over the exploited vBulletin application, and subsequently the site supported by its CMS.

The people behind the attacks have been able to quickly identify websites which could be vulnerable to attack, and according to Amichai Shulman, Imperva's chief technology officer, the attackers could be using a botnet - a group of hacked PCs - to get around a problem of retrieving automated results.


Automated

Speaking to security researcher Brian Krebs, Shulman said: "In order to infect 30,000 targets in such a short period of time you need Google, but the problem is that you can't retrieve so many search results that easily in an automated way. Google may show you that there are 30,000 [vulnerable target sites], but when you start scrolling through them all you may get to maybe page five or six [before] you get a message that your machine is performing automated queries, and it will start showing you CAPTCHA," challenges to block automated lookups. "And if I repeat this behaviour from the same Internet address, I'll get blocked for a certain period of time."

By distributing the searches through many different internet addresses by using a botnet, the attackers can overcome this problem.

"These guys can instruct each part of that distributed network to perform a partial search that would return a part of the entire results," Imperva's director of security strategy, Barry Shteiman said. "That way they can get the list sliced into much smaller pieces that a single machine can then crawl and scrape."

vBulletin has refused to confirm or deny whether the vulnerability found by Imperva is the same one it warned about in late August, simply repeating the advice it gave initially: to remove the "/install" and/or "/core/install" folders. If you operate a vBulletin site and still have those directories installed, it is probably worthwhile checking to see if any new administrator accounts have been added recently.
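For site operators acting on the advice above, the following added example (not part of the article and not vBulletin or Imperva code) checks a webroot for the two directories named in the advisory and counts successful requests to them in an access log. It assumes Combined Log Format logs; the sample log lines and addresses are constructed.

```python
import os
import re
from collections import Counter

# Directories the vendor advisory quoted in the article says to remove.
RISKY_DIRS = ("install", os.path.join("core", "install"))

# Combined Log Format: ip - - [time] "METHOD path HTTP/x" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')
# /install/ or /core/install/ under any forum prefix (e.g. /forum/install/).
PATH_RE = re.compile(r'(?:^|/)(?:core/)?install(?:/|$)', re.IGNORECASE)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Oct/2013:10:00:01 +0000] "GET /install/ HTTP/1.1" 200 512',
    '192.0.2.10 - - [15/Oct/2013:10:00:02 +0000] "POST /core/install/ HTTP/1.1" 200 128',
    '198.51.100.7 - - [15/Oct/2013:10:05:00 +0000] "GET /install/ HTTP/1.1" 404 0',
    '203.0.113.5 - - [15/Oct/2013:10:06:00 +0000] "GET /reinstall/guide HTTP/1.1" 200 900',
]

def leftover_install_dirs(webroot):
    """Return the advisory's directories that still exist under webroot."""
    return [d for d in RISKY_DIRS if os.path.isdir(os.path.join(webroot, d))]

def install_hits(log_lines):
    """Count successful (2xx) requests to install paths, per client address."""
    hits = Counter()
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed log format
        ip, _method, path, status = m.groups()
        path = path.split("?", 1)[0]  # ignore the query string
        if status.startswith("2") and PATH_RE.search(path):
            hits[ip] += 1
    return hits

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for d in leftover_install_dirs(root):
        print(f"still present, remove it: {os.path.join(root, d)}")
    for ip, n in install_hits(SAMPLE_LOG).most_common():
        print(f"{ip}: {n} successful request(s) to install paths")
```

A 2xx response to one of these paths after the advisory date is a reason to review the administrator account list, as the article recommends.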



