Mailinglist Archive: opensuse (1420 mails)

< Previous Next >
[opensuse] Re: forums.opensuse.org down?
  • From: Jim Henderson <hendersj@xxxxxxxxx>
  • Date: Thu, 9 Jan 2014 00:23:15 +0000 (UTC)
  • Message-id: <lakq5j$2cq$2@ger.gmane.org>
On Wed, 08 Jan 2014 20:49:53 +0100, Carlos E. R. wrote:

On Wednesday, 2014-01-08 at 01:51 -0000, Jim Henderson wrote:
On Wed, 08 Jan 2014 01:53:40 +0100, Carlos E. R. wrote:

Well, in this case it appears the hacker only wanted to prove that
there was a vulnerability, in order to force vbulleting to update
their software fast, no intention to use the obtained data.

Or so he claims.

If he were, he'd have told vBulletin of the exploit. The exploit is
described as a "private exploit," which to me says he's not disclosed
it.

Aparently, he did - or so says user "Matt" on the news thread comments
(https://news.opensuse.org/2014/01/07/opensuse-forums-defaced/):

This exploit was posted in the licensed customer feedback forum at
vBulletin.com. This is the reply from Joe D:

“At this time we are not aware of any known exploit and I am unsure
how or why they believe the exploit is with the forum software.

I'm not sure I'm going to trust someone who defaces websites to be honest
about their disclosure. There certainly was no reason to target the
openSUSE forums to make a point to the forum vendor.

But whatever his motivation, it's being dealt with.

Jim

--
Jim Henderson
Please keep on-topic replies on the list so everyone benefits

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups