Tech~Covo

Press about phpBB.com crack

Juanm — Wed, 11 Feb 2009 08:09:43 +0100

Some facts about the PHPList vulnerability and the phpbb.com hack A few days ago phpbb.com was hacked through a super-globals-overwrite vulnerability in PHPList that was used by an attacker for a local file inclusion exploit. [--cut] From the explanation it seems that the PHP installation on phpbb.com was more or less a default one that was not hardened against attacks at all, but I will get into this later. First I want to shed some light on the super-globals-overwrite vulnerability in...

[...]

phpBB.com back online

Juanm — Wed, 11 Feb 2009 08:08:13 +0100

Acyd Burn @ phpBB.com,Feb 10, 2009 23:11:01 wrote:As you probably know, we were attacked for unknown reasons by an individual using an exploit against our PHPList installation within hours of the exploit being publicly posted on a well-known exploit site. Facilitated by mistakes and - in retrospect mistaken - performance considerations in our server setup, the attacker was able to steal all email addresses from our mailing list, as well as the password hashes from this board's database. And...

[...]

phpBB.com back online

Juanm — Wed, 11 Feb 2009 08:08:13 +0100

What happened yesterday

Juanm — Mon, 02 Feb 2009 08:18:50 +0100

As you might have already seen from this global announcement yesterday morning, phpBB.com server was cracked by a script kid who exploited a vulnerability on phplist found surfing through a 'security' site, and then leaked the stolen data with the world. No vulnerability was found into phpBB3 itself. Please note that your account on phpbb.com might have been compromised (e.g. : password leaked) if you didn't login after the conversion to the new password hashing system (MD5 can be...

[...]

Emergency notice

Juanm — Sun, 01 Feb 2009 09:32:08 +0100

ToonArmy wrote:You can help by notifying a team member by PM if you find any sites hosting or linking to the stolen data from phpBB.com. (contacts here (301), details here) Channel topic #phpbb - 7:43 UTC+1 2/1/2009 We are sorry to report that we have been attacked through a vulnerability in an outdated PHPList installation. phpBB.com will remain unavailable while we work to recover. No new vulnerabilities have been found in the phpBB software itself. | phpBB 3.0.4 available from...

[...]

RSS troubles (fixed)

Juanm — Sun, 25 Jan 2009 21:31:58 +0100

Hi, there were some troubles in the past days with RSS feeds hanging around. Let's see: blog related category feed (fetched elsewhere) Read timed out on January 19th from 17:16:23 to 18:13:17board related (in homepage) - lock cannot be obtained on january 21st from 11:15:01 to 11:30:23download area RSS (fetched in homepage too) Read timed out today (january 25th) from 04:51 to 06:53We apologize for each inconvenience this could cause ...

[...]

Many feeds moved

Juanm — Tue, 20 Jan 2009 08:01:03 +0100

Hi, As you might have noted, all feeds have been moved, and in the meanwhile a little page restructuring was in order. If you are a subscriber and you don't want the 301 redirect, replace feed. with feed2. into your feedreader address. Of course this doesn't affect the few self-hosted feeds you might find around

[...]

2.0.x MODs of mine disc

Juanm — Sat, 17 Jan 2009 15:10:27 +0100

All MODs of mine related to phpBB 2.0.x are discontinued since January 1st 2009 due to phpBB Group discontinuing support for 2.0.x line. No more updates will be released.    Cricca guestbook due to its peculiarity (taken over from 3rd part by me and then with two unofficial release hanging around elsewhere) might receive some basic support, but nothing more. No replacement is available for Olympus yet and there's nothing in the workload at least for now.

[...]

Album feed reactivated

Juanm — Thu, 15 Jan 2009 11:31:10 +0100

It was down since the site conversion, happened on August 3rd, 2008. Now the photoalbum RSS feed has been brought to a new life. As an addition, latest posts, latest downloads, latest album photos appear on the right side of the home page too. Have fun

[...]

Windows 7 beta available 'til january 24th

Juanm — Mon, 12 Jan 2009 07:49:45 +0100

On january 10th both the Windows 7 download page and Microsoft.com were intermittently unreachable despite the "additional infrastructure support to the Microsoft.com properties" announced on jan 10th 2009, 03:53:00 . Then a new post was made on win7 team blog yesterday night I know many of you have had issues with the Windows 7 Beta site over the last 24 hours. As you may have noticed the download site has been up and running smoothly since this morning. That said, we apologize for...

[...]