MSE News: Security warning for web forum users (MSE unaffected) 23 July 2010 at 12:14PM edited 23 July 2010 at 4:59PM in Broadband & internet access 13 replies 2.6K views

Former_MSE_Natasha

This is the discussion thread for the following MSE News Story:

"Websites using specific software, which we DON'T employ, are giving hackers easy access to users' data, it's claimed ..."

Read the full story:
Security warning for web forum users

Old_Wrinkly

Some comment by MSE on being a testing site for vBulletin would be appreciated ...

From the "How this site is financed" article :

• Servers and keeping the site running
  ...
  The Forum alone is the seventh biggest social networking site in the UK, and takes huge resources because it's massive. In fact the company that provides the off-the-peg software for the Forum, Vbulletin, is now working with us as it's become one of the world's biggest and it allows them to tweak and test their software under huge stress.

LeeUK

Old_Wrinkly wrote: »

Some comment by MSE on being a test site for vBulletin would be appreciated ...

How is MSE a test site for vBulletin?

Old_Wrinkly

'Test site' might well be the wrong terminology. It depends on what is taking place. Hence my post.

MSE_Martin

We have worked with Vbulletin on how best to set up servers to optomise speed on a forum of huge scale as MSE. It's not about the software development.

Old_Wrinkly

Thanks for the quick response, Martin.

bat-out-of-hell

Why is a security glitch in forum software an issue? It is always possible to find a 'door' if your detimined enough to find it, which is why any forum should stress do not use info when signing up to a forum that can personally identify you.

I am aware that warning is often ignored, but as long as the warning is given, then it is at the users risk if they ignore it.

If the likes of M$ can not produce a secure OS, which the constant updates show they can not, what chance does a forum software developer have?

LeeUK

bat-out-of-hell wrote: »

Why is a security glitch in forum software an issue? It is always possible to find a 'door' if your detimined enough to find it, which is why any forum should stress do not use info when signing up to a forum that can personally identify you.

I am aware that warning is often ignored, but as long as the warning is given, then it is at the users risk if they ignore it.

If the likes of M$ can not produce a secure OS, which the constant updates show they can not, what chance does a forum software developer have?

Prob because it made it onto the BBC News website. Plus it's a very well known and popular forum script used all over the Internet.

spenderdave

From the chap who runs one of the other forums I visit which uses Vbulletin it appears they have already released a patch for this. So it is probably only an issue for those administrators who are slow in updating. Like many of these things the media has probably gone OTT.

MSE_Martin

The reason we did it - was this wasnt a normal flaw, it was a swinging wide open door anyone could get. Yet more so because we've had lots of emails from users on the back of BBC news story on it - worried about their use of MSE so we combined putting peoples minds at rest with a generalised news story - which seems sensible to me!

spud17

Is this in any way connected to posts, by myself and others where unique email addresses were suddenly spammed?