
News: Why OPF was Switched off! The scramble to protect personal data!

Asher Kelman

OPF Owner/Editor-in-Chief
The last thing we want to do is turn off even for an hour. We were down for 8 hours from 2 am until 10:04 Pacific time! The extreme step was taken as a precautionary measure.

We were shocked to learn via the BBC online news service, here, of a simple entrance to the administrator's functions in vBulletin.


A serious flaw in software widely used to power online discussion sites could allow hackers to harvest reams of personal data, the BBC has learned.

The flaw in a specific version of the vBulletin software allows anyone to easily access the main administrator username and password for a site.



Photo: BBC: The flaw could allow a hacker to access forum user's personal data


This would also allow hackers to access data, such as e-mail addresses, and edit the site at will.

....The simple hack, which the BBC has confirmed, allows even unskilled people to access many websites.

With a few key strokes the person can obtain the administrator's username and password for the website.

This can be used to log in to the site and modify and delete elements at will.

David Ross, founder of Hexus.net, a technology news and reviews website, said the flaw was a "potential nightmare".

"It could allow someone to access all of the user accounts for the site," he said.

This would be useful to a hacker, he said, because it was "good quality information" that had already been verified.




This shocking news occurred at the same time as a suspicious post from Russia replying to Doug's 2009 thread on "Fourier Transforms" used in MTF specifications of lenses (often calculated and not measured, but considered critical in choice of lenses for specific work). I discovered that the poster, likely a BOT, had hooked on to the words "Excel and spreadsheet" to add a response with a link to a likely malware site where they could send folk whatever they wished or take over their computers. There was no damage or evidence of penetration of OPF structure or content except that the Fourier Transform thread mysteriously vanished after the BOT or fellow was banned. (Doug will repost that interesting article.)

With these two incidents I realized we did not need a door open to hackers here and that the risk was too great.

Unfortunately one cannot simply telephone vBulletin and speak to tech support! Our notice from vBulletin referred to a patch level one needed for version 3.8.6. We have at the moment 3.8.4 with patch level 2. They didn't make it clear as to whether the doorway to hackers was open also to other versions. I asked other administrators with more technical knowledge than I have and was advised to employ the patch. Just to be certain and not ruin our database, I set up an urgent ticket in their support area and asked vBulletin support. Obviously they were flooded with similar requests as this is the one software that the vast majority of forums around the world use, and they didn't reply until 10:04 am today indicating there were no vulnerabilities to OPF as our version didn't have the flaw!

I wish they would communicate in a clear unambiguous way! The patch is designed to be uploaded in a very easy fashion. The instructions should match that!

My apologies for any inconvenience by being off the air! We just want OPF to be the safest venue and so I guess safe is better than sorry!

Asher
 

Doug Kerr

Well-known member
Hi, Asher,

Thanks so much for your diligence in this matter.

I'm sorry my 15-month-old post had to serve as the "bait".

Best regards,

Doug
 

John Angulat

pro member
Hi Asher,
Many thanks to you, Sean, and all the admins!
Most members are completely unaware of the magnitude of effort it takes keeping OPF running on an even keel.
I greatly appreciate all your hard work!
 

StuartRae

New member
John Angulat said:
Most members are completely unaware of the magnitude of effort it takes keeping OPF running on an even keel.

A bit like a swan.

Many thanks to the feet............

Regards,

Stuart
 

fahim mohammed

Well-known member
Let me add my thanks to Asher, Sean and the Admin. for their efforts. It does take a BIG effort to keep
OPF running smoothly.

Much appreciated. Much.


Hi Asher,
Many thanks to you, Sean, and all the admins!
Most members are completely unaware of the magnitude of effort it takes keeping OPF running on an even keel.
I greatly appreciate all your hard work!
 