
Author Topic: Avast Forum Hack - Results of Analysis  (Read 275280 times)

Offline Shanzer

  • Newbie
  • *
  • Posts: 1
Re: Avast Forum Hack - Results of Analysis
« Reply #60 on: August 28, 2014, 12:02:55 PM »
I have never known Simple Machines to be less than completely professional. It seems to me that a company who produces security software should know how to protect their own forum. Apparently they made mistakes and due to embarrassment tried to blame others. At first they refused help from SM because they knew they were at fault. Gradually they began to communicate when they realized they were unable to understand and fix the problem. Avast should take responsibility for their own mistakes and lack of competence. Turns out, SM was not at fault and was completely honest. This tells us something about Avast as a company and about the skill of their people. It's not a major feat to maintain a secure installation of SMF. I would be embarrassed too if I ran a company who made millions selling security software and couldn't maintain security on a forum, especially with the amount of support that is available with SMF. I have never used an Avast product, and wouldn't consider doing so. In my personal opinion, Avast is the "BigLots" of the security industry.

 

Offline 青山 素子

  • Server Team
  • SMF Super Hero
  • *
  • Posts: 16,535
  • 戦場ヶ原、蕩れ!
    • motokochan on GitHub
    • @motokochan on Twitter
    • Animeneko Network
Re: Avast Forum Hack - Results of Analysis
« Reply #61 on: August 28, 2014, 06:40:16 PM »
Quote from Shanzer: "It seems to me that a company who produces security software should know how to protect their own forum."

Skills in one area don't often translate over. I know some people who are good coders but couldn't troubleshoot a hardware issue on their development system at all. That said, a company that deals in computer security should be smart enough to know they need people with the right skills.

So keep in mind that security is a process, not a product nor is it a destination. No matter how well you defend yourself, if you offer access of any kind, you can be attacked. It doesn't matter if it's your own custom code or that of a third party. While you can take steps to make things less likely by picking third-party products that have good records or using extensive testing on custom code, you'll never find every possible issue in anything complex.

The right steps would have been to acknowledge the issue, work to find the cause without offering any kind of public blame, seek to get that issue fixed, and then put out a report detailing as best you can what happened and how you fixed it. Especially as a security company, you live by your reputation. Turning a public failure into a good example for your customers won't win all of them back, but it may get you some new ones.

Could Avast have fully protected themselves? Doubtful. It's just not possible with the complexity of web applications today. Could they have handled the situation better? Certainly.


Quote from Shanzer: "In my personal opinion, Avast is the "BigLots" of the security industry."

Nah, that's more the domain of AVG, or at least has been lately. Avast has always been the slightly more indie product, more of a Tuesday Morning.

(For those not familiar with the brands, Big Lots and Tuesday Morning are both retail liquidators, but Big Lots is considered more down-scale and Tuesday Morning positions itself as an upscale store.)
Motoko-chan
Director, Simple Machines

Just like... making of enemies / 負ける気しない やめるきない / You are cool but fool - Charisma.com 『HATE』

Note: I am not a member of the Simple Machines Forum project.


Offline Arantor

  • SMF Friend
  • SMF Legend
  • *
  • Posts: 62,438
Re: Avast Forum Hack - Results of Analysis
« Reply #62 on: August 28, 2014, 06:48:54 PM »
Without raking over the details too much, there are certain practices that I am surprised were not followed. I would expect better in that particular arena from a security company precisely because the same rules apply in other security contexts and *are* transferrable.
And his eyes have all the seeming of a demon's that is dreaming,
And the lamp-light o'er him streaming throws his shadow on the floor

Offline 青山 素子

Re: Avast Forum Hack - Results of Analysis
« Reply #63 on: August 28, 2014, 08:00:01 PM »
Quote from Arantor: "Without raking over the details too much, there are certain practices that I am surprised were not followed. I would expect better in that particular arena from a security company precisely because the same rules apply in other security contexts and *are* transferrable."

Yes, of course there are steps they could have done to better protect themselves. There are best practices they probably didn't follow. It would be interesting to know why, and they certainly could have turned it into a moment to show their users that even people who should know better can sometimes still fail and how to ensure that their (the customers') systems and websites aren't vulnerable in the same way.

Either way, they wasted the chance to turn a public loss of confidence into a PR win (or at least a wash). As I said, as a security company, they deal in trust. The way they handled the situation really damaged that beyond the hit from the forum issue itself.


Offline Arantor

Re: Avast Forum Hack - Results of Analysis
« Reply #64 on: August 28, 2014, 08:11:38 PM »
I would suspect the same reason as most other people: convenience.

What really threw me was the PR piece about how they were going to move to a new forum software - and then relaunched with SMF.

Offline butchs

  • SMF Hero
  • ******
  • Posts: 1,616
  • The Jarred of spam bots, lost 7GB bandwidth!
    • EastCoastRollingThunder
Re: Avast Forum Hack - Results of Analysis
« Reply #65 on: August 28, 2014, 08:29:52 PM »
I am surprised this thread is still going.  Has this become a chest pounding extravaganza?  Why continue to throw rocks at a dead horse?
Do not try to force me to fix someone else's code.  No support 4 U!

Offline Arantor

Re: Avast Forum Hack - Results of Analysis
« Reply #66 on: August 28, 2014, 08:32:13 PM »
Because someone decided to bump it and we tried to quell the flames.

No chest pounding here.

Offline TrayBake

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 21,322
  • Gender: Male
  • His Royal Runicness
    • bryan.deakin.1 on Facebook
    • pouvik on GitHub
    • @bryandeakin on Twitter
    • Dyspraxic Chat
Re: Avast Forum Hack - Results of Analysis
« Reply #67 on: August 28, 2014, 08:45:53 PM »
maybe this should be locked now
Bryan Runic Deakin
His Royal Runicness
Owner @ Bryan Deakin dot Com
Owner @ Dyspraxic Chat

Former Project Manager @ SMF
Former Vice President @ Simple Machines
Former Admin @ idesign360.com

Read my new poem "Fire Ants"!!

Online Kindred

  • The Mean One
  • Project Manager
  • SMF Master
  • *
  • Posts: 41,068
  • Gender: Male
    • wagner999 on Facebook
    • Kindred-999 on GitHub
    • www.linkedin.com/in/wdwagner/ on LinkedIn
    • @Kindred_999 on Twitter
Re: Avast Forum Hack - Results of Analysis
« Reply #68 on: August 28, 2014, 09:12:20 PM »
Agreed
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support forums.  Thank you.