On Wed, 08 Jan 2014 20:49:53 +0100, Carlos E. R. wrote:
On Wednesday, 2014-01-08 at 01:51 -0000, Jim Henderson wrote:
On Wed, 08 Jan 2014 01:53:40 +0100, Carlos E. R. wrote:
Well, in this case it appears the hacker only wanted to prove that there was a vulnerability, in order to force vbulleting to update their software fast, no intention to use the obtained data.
Or so he claims.
If he were, he'd have told vBulletin of the exploit. The exploit is described as a "private exploit," which to me says he's not disclosed it.
Aparently, he did - or so says user "Matt" on the news thread comments (https://news.opensuse.org/2014/01/07/opensuse-forums-defaced/):
This exploit was posted in the licensed customer feedback forum at vBulletin.com. This is the reply from Joe D:
“At this time we are not aware of any known exploit and I am unsure how or why they believe the exploit is with the forum software.
I'm not sure I'm going to trust someone who defaces websites to be honest about their disclosure. There certainly was no reason to target the openSUSE forums to make a point to the forum vendor. But whatever his motivation, it's being dealt with. Jim -- Jim Henderson Please keep on-topic replies on the list so everyone benefits -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org