[BurnTees]

what's up with this? So far tshirtcountdown is like the only site that hasn't been hacked and removed. Anyone else notice?

 

[Rodney]

Yes, unfortunately some hackers go a hold of the script that powers many of the sites and found a way to exploit the script.

The script has been patched now, it's just a matter of the various site owners to update their installation.

I wish hackers gave security more advanced notifications directly to the script developer instead of trying to exploit holes. A similar thing happened (or happens) with the phpbb script.

 

[TeeShirtSamurai]

I wish hackers gave security more advanced notifications directly to the script developer instead of trying to exploit holes. A similar thing happened (or happens) with the phpbb script.

A lot of them do, it's the malicious ones that feel exploitation is a quicker way of going about getting software bugs fixed (which is true).

Which situation is going to bring about change more rapidly?

Hacker A sends a nice little e-mail to the Microsoft dev team alerting them to an exploit in Windows XP. The dev team notes the flaw and puts it on their "to do" list after prioritizing it.

Hacker B exploits the flawed code and then lets a thousand of his buddies know about it, then they do it. Soon, it's an epidemic and an article in the tech section on cnn.com.

 

[Rodney]

A lot of them do, it's the malicious ones that feel exploitation is a quicker way of going about getting software bugs fixed (which is true).

This is not always the case.

Which situation is going to bring about change more rapidly?

I'm not talking about dealing with a big microsoft corporation, I'm talking about sending a message to a small business that sells scripts.

They send security notices to vbulletin, menalto gallery, etc, and the issues get fixed right away.

I think the more ethical hackers tend to notify the company selling the script beforehand and give them a chance to make a patch. If the company doesn't react to the security issue, THEN they make it public.

 

[TeeShirtSamurai]

I'm not talking about dealing with a big microsoft corporation, I'm talking about sending a message to a small business that sells scripts.

My mistake, that's what I thought you meant when I read your post.

I think the more ethical hackers tend to notify the company selling the script beforehand and give them a chance to make a patch. If the company doesn't react to the security issue, THEN they make it public.

Yes, that's what I said, that is the route the ethical hackers take. It's the unethical, malicious hackers that tend to make these issues public before contacting the developers.

How many more posts are you and I going to be involved in today that mention the word "ethics," Rodney?

 

[Rodney]

How many more posts are you and I going to be involved in today that mention the word "ethics," Rodney?

3.5 more according to my calculations

 

[badalou]

Ok guys, kiss and make up..

 

[skulltshirts]

I commend both of you for handling the whole situation with respect and not letting it get ugly. So many times I have seen forums that just got ruined for people who would argue back and forth, and get nasty and ugly with each other until all the forum members just stop coming around.
Good job to both of you.
Thomas

 

[BurnTees]

Yes, unfortunately some hackers go a hold of the script that powers many of the sites and found a way to exploit the script.

do all of the rating sites use the same script?

 

[Rodney]

do all of the rating sites use the same script?

I don't know if they all do, but a lot of them do use the same script.

 

[BurnTees]

so where does everyone get this script?

 

[Rodney]

so where does everyone get this script?

I can't really post the link without breaking the self promotion rule , but you can easily find it by visiting the topsites and looking around.

 

[Comin'OutSwingin]

I can't really post the link without breaking the self promotion rule

Exactly! You wouldn't want the guy that runs this thing to ban you!