Announcement

Collapse
No announcement yet.

Important Security Notice About ITarian Forums Accounts

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • fatih
    replied
    edit. I moved the message to a new topic here: https://forum.itarian.com/forum/gene...um-maintenance
    Last edited by fatih; 10-10-2019, 01:22 AM.

    Leave a comment:


  • fatih
    replied
    Right. The issue was definitely serious, and we missed some good practice, correct. And we are determined to provide a perfect experience to our users going forward and not miss any security practice, which I can see happening with all the teams here.

    edit: I'm been warned, rightfully, about the wording I used. "I can see happening with all the teams here" means I see all the teams are determined to provide the perfect experience. sorry, if there is a misunderstanding.
    Last edited by fatih; 10-02-2019, 04:04 PM.

    Leave a comment:


  • CompuWhizz
    replied
    Hmmm saying it doesn't mean implementing it, which as you found out was seriously deficient.

    Leave a comment:


  • fatih
    replied
    As you can read from the announcement security is one of the highest concern we have.The vulnerability was found on vBulletin and they have released a patch on 25th of Sept, which we became aware and took action immediately. Nevertheless that incident still happened. We're working continuously on improving our security practices to not have this kind of issues.

    Leave a comment:


  • CompuWhizz
    replied
    Did you draw the short straw to be the one who had to post this in the forums? The handling of this exposes serious deficiencies in Comodo and Itarian's security practices.

    Leave a comment:


  • fatih
    started a topic Important Security Notice About ITarian Forums Accounts

    Important Security Notice About ITarian Forums Accounts

    At ITarian, we take security very seriously, and it is our highest priority. Very recently a new vulnerability in the vBulletin software, which is one of the most popular server applications for website comments including the ITarian Forums, was made public. On 9/25/2019 a patch for the vBulletin application was announced, and we scheduled our forums for an upgrade. Over the weekend, 4:57 am ET on 9/29/2019, we became aware that this security flaw in the vBulletin software had become exploited, resulting in a potential data breach.
    Our IT infrastructure team immediately took steps to mitigate the exploit by taking the forums offline and applying the recommended patches.

    Who has been affected and what data has been potentially accessed?
    An unknown attacker exploited the recently discovered vBulletin vulnerability and potentially gained access to the forums database. User accounts contain information such as Username, name, e-mail address, last IP used to access the forums and if used potentially some IRC/Social Media usernames (at less than 1%). All user passwords in the database were stored encrypted. ITarian forums currently have around 45,300 registered users.

    What should forum users do?
    While account passwords were encrypted, we recommend that forums users should immediately change their passwords, as a precautionary measure. We encourage good password practices such as strong random passwords and not sharing your passwords across different Internet accounts.

    We have the utmost regret for any inconvenience or distress this vulnerability may have caused you, our users. As members of our community of ITarian Forum users, we want to reassure you all that we have put in place measures to ensure that vulnerabilities in third-party software, such as vBulletin, will be patched immediately when patches become available.
Working...
X