On Tue, 07 Jan 2014 17:12:51 -0800, John Andersen wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 1/7/2014 4:53 PM, Carlos E. R. wrote:
On 2014-01-08 01:04, Jim Henderson wrote:
Don't hate forums. Hate the hackers who think this is a fun thing to do, especially to an open source project.
Well, in this case it appears the hacker only wanted to prove that there was a vulnerability, in order to force vbulleting to update their software fast, no intention to use the obtained data.
The article, which may not be accurate, says OpenSuse was not running the most current version of vBulletin. It might be fixed already in later versions.
The exploit was in the vbseo addon, which was developed by a now defunct company and is no longer patched. So I'm told. Jim -- Jim Henderson Please keep on-topic replies on the list so everyone benefits -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org