Author Topic: Avast Forum Hack - Results of Analysis  (Read 914687 times)

Offline Scripty

  • Semi-Newbie
  • *
  • Posts: 13
  • Gender: Male
  • Who am i?
Re: Avast Forum Hack - Results of Analysis
« Reply #20 on: June 07, 2014, 04:21:09 PM »
This was actually interesting and well explained.

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 68,061
    • Arantor on GitHub
Re: Avast Forum Hack - Results of Analysis
« Reply #21 on: June 07, 2014, 04:26:07 PM »
Yup, Kindred did a good job of nailing the important details.
To assume is to hope that those who came before had the presence of mind and capacity to implement the dreams of those who would come after.

You either die a hero or live long enough to see yourself become the villain. It seems you have chosen which, and now I must do the same.

Offline firemun

  • Semi-Newbie
  • *
  • Posts: 22
  • Gender: Male
    • @fafcommunity on Twitter
    • Forum Admin Forum
Re: Avast Forum Hack - Results of Analysis
« Reply #22 on: June 08, 2014, 11:49:07 PM »
Good statement issued, Kindred! I'm Team SMF all the way!

Offline AtzeX

  • Semi-Newbie
  • *
  • Posts: 15
Re: Avast Forum Hack - Results of Analysis
« Reply #23 on: June 10, 2014, 05:12:19 AM »
Quote
If you run a forum, lock your file permissions down.
Good point.
Is there a tutorial anywhere for doing this?
Would appreciate it.

kat

  • Guest
Re: Avast Forum Hack - Results of Analysis
« Reply #24 on: June 10, 2014, 05:42:10 AM »
Quote
I'm Team SMF all the way!

Really, Shawn?

Golly. ;)

Offline firemun

  • Semi-Newbie
  • *
  • Posts: 22
  • Gender: Male
    • @fafcommunity on Twitter
    • Forum Admin Forum
Re: Avast Forum Hack - Results of Analysis
« Reply #25 on: June 11, 2014, 01:33:50 AM »
Quote
I'm Team SMF all the way!

Really, Shawn?

Golly. ;)

Yeah, really :) Avast was just looking for a scapegoat from what I can tell. It would be embarrassing for a security company to admit to having horrible security practices. So they turned it on SMF without really considering their own fault in it all. I am with y'all on this one :)

Offline Ninja ZX-10RR

  • SMF Hero
  • ******
  • Posts: 2,135
  • Gender: Male
  • Sniper Legends
    • Flavio93Zena on Facebook
    • Virtual Interactive Games Entertainment Forum
Re: Avast Forum Hack - Results of Analysis
« Reply #26 on: June 11, 2014, 02:15:39 AM »
Quote
I'm Team SMF all the way!

Really, Shawn?

Golly. ;)

Yeah, really :) Avast was just looking for a scapegoat from what I can tell. It would be embarrassing for a security company to admit to having horrible security practices. So they turned it on SMF without really considering their own fault in it all. I am with y'all on this one :)
I believe everyone here thinks the same ;) probably they made a pretty good anti-virus (even if it detects way too many false-positives) but they proved they suck hard with their own security...
Quote from: BeastMode topic=525177.msg3720020#msg3720020
It's so powerful that on this post and even in the two PMs you sent me, you still answered my question very quickly and you're apologizing for the delay. You're the #1 support I've probably ever encountered man, so much respect for that. Thank you, and get better soon.

I'll keep this in my siggy for a while just to remind me that someone appreciated what I did while others didn't.
♥ Jess ♥

STOP EDITING MY PROFILE

Offline Antechinus

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 24,136
  • Master of BBC Abuse
Re: Avast Forum Hack - Results of Analysis
« Reply #27 on: June 11, 2014, 03:24:07 AM »
Yeah well no point rubbing it in. Everyone gets hacked sooner or later.

Offline Ninja ZX-10RR

  • SMF Hero
  • ******
  • Posts: 2,135
  • Gender: Male
  • Sniper Legends
    • Flavio93Zena on Facebook
    • Virtual Interactive Games Entertainment Forum
Re: Avast Forum Hack - Results of Analysis
« Reply #28 on: June 11, 2014, 03:32:49 AM »
Quote
Yeah well no point rubbing it in. Everyone gets hacked sooner or later.
Well if you build up a system with no security flaws you can't get hacked through the system itself :) the only way that such a thing can happen could be that another site gets hacked and an admin using the same password on multiple websites, exactly the same thing that happened here but that was human fault not system's ;)

Offline 青山 素子

  • Server Team
  • SMF Super Hero
  • *
  • Posts: 17,022
  • 戦場ヶ原、蕩れ!
    • srvrguy on GitHub
    • @motokochan on Twitter
    • Nekomusume Moe
Re: Avast Forum Hack - Results of Analysis
« Reply #29 on: June 11, 2014, 01:12:44 PM »
Quote
Well if you build up a system with no security flaws you can't get hacked through the system itself :)

There is no such thing as a system with no security flaws. The best you're going to get is software that can be mathematically proven to match your requirements, but that only holds up if the assumptions underlying the proof are correct. It's also really expensive and doesn't scale well with complexity.

Securing a system is a practice in balancing accessibility and ease of use with prevention of malicious use. The most secure system is one encased in concrete and dumped in a trench in the ocean, but it's not usable.

It's sad that Avast disengaged in the investigation process after the SM investigators found some problems that didn't point to SMF itself.
Motoko-chan
Director, Simple Machines

Just because it's pouring down doesn't mean we're gonna drown. There's a time when all you can say is let it rain - Mat Kearney (Let It Rain)

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


kat

  • Guest
Re: Avast Forum Hack - Results of Analysis
« Reply #30 on: June 11, 2014, 01:50:34 PM »
We have about as much chance of them fessing-up as the British government have of fessing-up that they're idiots. ;)

If I was the boss, at Avast, I'd've fessed-up, particularly if it'd been the "fault" that it seems to be.

"See? No matter how good your security is, human-error is something that even we can't secure against. Watch yourself". :)

Offline Ninja ZX-10RR

  • SMF Hero
  • ******
  • Posts: 2,135
  • Gender: Male
  • Sniper Legends
    • Flavio93Zena on Facebook
    • Virtual Interactive Games Entertainment Forum
Re: Avast Forum Hack - Results of Analysis
« Reply #31 on: June 11, 2014, 05:08:58 PM »
Quote
Well if you build up a system with no security flaws you can't get hacked through the system itself :)

There is no such thing as a system with no security flaws.
Well I was saying that because SMF 2.0.7 has no (known) security issues ;)

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 68,061
    • Arantor on GitHub
Re: Avast Forum Hack - Results of Analysis
« Reply #32 on: June 14, 2014, 09:31:21 AM »
Remember they said they were going to go to a new forum software, one that's more secure than SMF?

Their forum is again open - https://forum.avast.com/ - oh look... ;D

Offline Dragooon

  • SMF Friend
  • SMF Hero
  • *
  • Posts: 6,738
  • Gender: Male
  • I'm bIn
    • ShitizGarg on Facebook
    • Dragooon on GitHub
    • dragooon on LinkedIn
    • SMF-Media
Re: Avast Forum Hack - Results of Analysis
« Reply #33 on: June 14, 2014, 09:35:19 AM »
I swear I've seen that forum software before.

Lou69

  • Guest
Re: Avast Forum Hack - Results of Analysis
« Reply #34 on: June 14, 2014, 09:48:08 AM »
;) Well, it does look familiar. Something about the blue and orange colors?

Anyway, glad they are back online and using SMF. So far the mods/admins/CSR are being helpful to their membership and not trashing SMF. A couple of members did express a bit of angst about SMF but that will always be the case. Every software has those that do not like it for one reason or the other.

https://forum.avast.com/index.php?topic=150636.0

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 68,061
    • Arantor on GitHub
Re: Avast Forum Hack - Results of Analysis
« Reply #35 on: June 14, 2014, 10:13:09 AM »
Oh there are several people in that thread trashing SMF and I wouldn't entirely disagree - the methods used to get in were certainly not helped by what could be done once inside, but all of the salient points stand: it's not ultimately SMF's fault.

Offline SaltedWeb

  • Full Member
  • ***
  • Posts: 618
  • Why do we use the Internet...Hayes 1200 Thats Why
Re: Avast Forum Hack - Results of Analysis
« Reply #36 on: June 14, 2014, 11:25:13 AM »
I have a dozen smf forums, and one xenforo, the xenforo gets more spam and security issues.
I've been using the internet since before BBS were used. I was a security adviser for a well known email program. Now this was old school, but what I can say is that 9 out of 10 times or more when there was a security issue (and this has not changed) it was because a user did something, not the software. It's like people that download torrents and then ****** they get hacked. Not bashing Xenforo, but I find it to allow a lot of spam through. I get none on my SMF forums. I have no doubt that SMF is not a security risk, I find it suspect perhaps this story was planted, infiltrated or plain made up and there may be a more hidden agenda. It's not like someone would not make this up too, and who else to go after than the best bar-none free forum on the web. Most paid version never come close.
That's because SMF is built with passion, not dollar signs. And it reflects its users, most of whom are the same way: making money is great, but also enjoying it while you do is the base for SMF and her community.

Multi-Linking, like a Boss.

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 68,061
    • Arantor on GitHub
Re: Avast Forum Hack - Results of Analysis
« Reply #37 on: June 14, 2014, 12:49:21 PM »
Quote
I have a dozen smf forums, and one xenforo, the xenforo gets more spam and security issues.

Spam is not a security issue, nor has XenForo ever had any known security issues.

* ‽ is a licence holder btw

Quote
Most paid version never come close.

On the contrary, I consider XenForo a superior platform in a number of respects, even as much as I like SMF.

Offline 青山 素子

  • Server Team
  • SMF Super Hero
  • *
  • Posts: 17,022
  • 戦場ヶ原、蕩れ!
    • srvrguy on GitHub
    • @motokochan on Twitter
    • Nekomusume Moe
Re: Avast Forum Hack - Results of Analysis
« Reply #38 on: June 14, 2014, 11:55:21 PM »
SMF is an awesome product, and we're (everyone involved in some way) rightly proud of our security record. That's why we were so hurt when the rumors started about there being an issue. We're still very open to anyone who wants to approach us because of a security issue they found.

Quote
On the contrary, I consider XenForo a superior platform in a number of respects, even as much as I like SMF.

That's not a bad thing, either. XF is maintained by a dedicated paid team, which means it gets solid focus with smaller resources. Open source projects only work that way when you have a large team working on spare time, or a lot of people who are extremely dedicated and active.

Also, competition is good. It's what keeps things getting better. For some time, SMF was perhaps the strongest forum solution free or paid (outside niche cases). That led to some serious lack of effort to improve. Combine that with developer burn-out for various reasons causing slow development, and SMF now has some very strong competition that the team let get ahead. It can be hoped that now the team will be hungry for success and to re-live the moments of being the best. I can only hope that the team can come together to plan an even better future and deliver on it. I know I'll be doing my small part to support them.


Offline a10

  • Charter Member
  • Sr. Member
  • *
  • Posts: 744
Re: Avast Forum Hack - Results of Analysis
« Reply #39 on: June 15, 2014, 10:16:49 AM »
Quote
SMF is an awesome product, and we're (everyone involved in some way) rightly proud of our security record -/-

^^^ good post.
2.0.14, php 7.0.24, ssl. Mods: Contact Page, Like Posts, Responsive Curve.