T-Shirt Forums

1 - 13 of 13 Posts

·
Premium Member
Joined
·
27,698 Posts
Yes, unfortunately some hackers got a hold of the script that powers many of the sites and found a way to exploit the script.

The script has been patched now, it's just a matter of the various site owners updating their installation.

I wish hackers gave security more advanced notifications directly to the script developer instead of trying to exploit holes. A similar thing happened (or happens) with the phpbb script.
 

·
Registered
Joined
·
302 Posts
Rodney said:
I wish hackers gave security more advanced notifications directly to the script developer instead of trying to exploit holes. A similar thing happened (or happens) with the phpbb script.
A lot of them do, it's the malicious ones that feel exploitation is a quicker way of going about getting software bugs fixed (which is true).

Which situation is going to bring about change more rapidly?

Hacker A sends a nice little e-mail to the Microsoft dev team alerting them to an exploit in Windows XP. The dev team notes the flaw and puts it on their "to do" list after prioritizing it.

Hacker B exploits the flawed code and then lets a thousand of his buddies know about it, then they do it. Soon, it's an epidemic and an article in the tech section on cnn.com.

:)
 

·
Premium Member
Joined
·
27,698 Posts
ph0yce said:
A lot of them do, it's the malicious ones that feel exploitation is a quicker way of going about getting software bugs fixed (which is true).
This is not always the case.

ph0yce said:
Which situation is going to bring about change more rapidly?
I'm not talking about dealing with a big Microsoft corporation, I'm talking about sending a message to a small business that sells scripts.

They send security notices to vBulletin, Menalto Gallery, etc, and the issues get fixed right away.

I think the more ethical hackers tend to notify the company selling the script beforehand and give them a chance to make a patch. If the company doesn't react to the security issue, THEN they make it public.
 

·
Registered
Joined
·
302 Posts
Rodney said:
I'm not talking about dealing with a big Microsoft corporation, I'm talking about sending a message to a small business that sells scripts.
My mistake, that's what I thought you meant when I read your post.

Rodney said:
I think the more ethical hackers tend to notify the company selling the script beforehand and give them a chance to make a patch. If the company doesn't react to the security issue, THEN they make it public.
Yes, that's what I said, that is the route the ethical hackers take. It's the unethical, malicious hackers that tend to make these issues public before contacting the developers.

How many more posts are you and I going to be involved in today that mention the word "ethics," Rodney? :eek:
 

·
Registered
Joined
·
344 Posts
I commend both of you for handling the whole situation with respect and not letting it get ugly. So many times I have seen forums that just got ruined for people who would argue back and forth, and get nasty and ugly with each other until all the forum members just stop coming around.
Good job to both of you.
Thomas
 