vBulletin software flaw

[Fried Egg]

Just thought I'd make sure the administrators of this site were aware of this:

A serious flaw in software widely used to power online discussion sites could allow hackers to harvest reams of personal data, the BBC has learned.

[mosaix]

Hmmm I wonder...

I've received six pieces of spam in my in box during the past 10 days, the first spam I've ever received since I changed to my current e-mail address about 3 years ago.

I must belong to about half a dozen forums.

[Vertigo]

It could get worse before it gets better - as was commented at the end of the article, once the provider of the software has publicly admitted there is a flaw, then they have revealed it to the whole world, giving all the bad guys a window of opportunity before everyone has upgraded with the fix.

[PTeppic]

I seem to recall it stated the affected version was 3.8.6. We're on 3.8.5.

Quote:

Originally Posted by Vertigo

It could get worse before it gets better - as was commented at the end of the article, once the provider of the software has publicly admitted there is a flaw, then they have revealed it to the whole world, giving all the bad guys a window of opportunity before everyone has upgraded with the fix.

I also seem to recall that the affected version was 9 days old and the patch was available 24 hours before the "news" broke (i.e. news sites picked it up)

[Dave]

I expected someone to notice this so I have already asked Brian for confirmation.

Quote:

Originally Posted by PTeppic

I seem to recall it stated the affected version was 3.8.6. We're on 3.8.5.

That is how I read it too. There is actually a version 4.0.0. but Brian dislikes it. It just shows you that it often isn't a good thing to update to the latest versions of software. It is impossible to properly test some things until after they have been released.