[Discuss] Welcome Back phpBB.com

RMcGirr83
Former Team Member
Posts: 21609
Joined: Wed Jun 22, 2005 4:33 pm
Location: Your display
Name: Rich McGirr

Re: [Discuss] Welcome Back phpBB.com

Post by RMcGirr83 »

QA stands for quality assurance and as such their primary responsibility is to assure code remains high quality......

Testing the code is responsibility of developers team.
/me shakes head

You really have no farken clue whatsoever. Here let me define the term quality assurance for you...emphasis mine
a program for the systematic monitoring and evaluation of the various aspects of a project, service, or facility to ensure that standards of quality are being met
The developers are the ones to assure code remains high quality, the QA team ensures that the code does what it is supposed to do without mucking up the works.

Using your flawed logic if a company makes widgets it is your assertion that the QA team is responsible for the design of said widget and it is the engineers' job to test that the widget works? Un-farken-believable.

"Developer"11 indeed. :roll:

Now before you state something else to make yourself look a bit more foolish, which I happen to think is completely impossible, try and engage your brain before posting again. Remember Google is your friend.
Rhet-or-Ric
Registered User
Posts: 306
Joined: Sun Apr 06, 2008 1:38 pm

Re: [Discuss] Welcome Back phpBB.com

Post by Rhet-or-Ric »


Well, I was waiting for an answer to my earlier post before I posted this question, but ...

I am interested in something in Yurly's explanation that I don't quite understand.

The entry was made on the 12th and the discovery was made on the 14th, so that is at least 24 hours the illegal fella/gal could have been into the server and so I am wondering about this statement:
Code was added to record plaintext usernames and passwords to a log file. We have contacted the small group of people whose credentials were captured during the short period of time that the logger was active.
I'm not so sure I get that "short period of time" idea. I mean, how much stuff can be grabbed in 24 hours? Or is the meaning "was active" that the entry was made and then the illegal fella/gal just left a short time after that?

Or maybe these are questions someone would rather not answer because of security concerns?

Marshalrusty
Project Manager
Posts: 29295
Joined: Mon Nov 22, 2004 10:45 pm
Location: New York City
Name: Yuriy Rusko

Re: [Discuss] Welcome Back phpBB.com

Post by Marshalrusty »

I said "short time" because of the relatively low number of users' passwords that were harvested, which was only 15, of which half were team members (we notified everyone by email). If that had been in place longer, then naturally more users would have been affected.
Have comments/praise/complaints/suggestions? Please feel free to PM me.

Need private help? Hire me for all your phpBB and web development needs
Rhet-or-Ric
Registered User
Posts: 306
Joined: Sun Apr 06, 2008 1:38 pm

Re: [Discuss] Welcome Back phpBB.com

Post by Rhet-or-Ric »

Please excuse my persistence, but I am trying to understand this event and that blog post isn't up yet, so ...

Per your response — and thank you for taking the time to respond — per your response I am getting the picture that this was a two-pronged attack. One prong placing the code in some special log file exclusive to/associated with area51 to be able to grab plain text data of a select "few" within that log file and the second prong being the collection of data of folks not in that special log file.

Am I understanding that correctly?

And the definition of "logger" in that statement is an/the attacker?

Actually, that word also brings up the question of your use of the plural form, attackers — has there been a determination that this attack was a team effort?

Again, thank you for taking time, when you can, to answer questions.

Marshalrusty
Project Manager
Posts: 29295
Joined: Mon Nov 22, 2004 10:45 pm
Location: New York City
Name: Yuriy Rusko

Re: [Discuss] Welcome Back phpBB.com

Post by Marshalrusty »

One set of credentials acquired via the logging script on area51 were then used on www, so that appears to have been the purpose, yes.

I can tell you that we were contacted by the individuals responsible. They reported that there are two of them, that the purpose of the hack was "...just seeing how far we could get. All for fun. And experience.", and that they do not intend to release the data that was acquired.

Naturally, we cannot assume that last part to be true.
Rhet-or-Ric
Registered User
Posts: 306
Joined: Sun Apr 06, 2008 1:38 pm

Re: [Discuss] Welcome Back phpBB.com

Post by Rhet-or-Ric »


Thank you for taking the time to explain matters as you have.


developer11
I've Been Banned!
Posts: 24
Joined: Sun Dec 07, 2014 9:53 pm

Re: [Discuss] Welcome Back phpBB.com

Post by developer11 »

Marshalrusty wrote:One set of credentials acquired via the logging script on area51 were then used on www, so that appears to have been the purpose, yes.

I can tell you that we were contacted by the individuals responsible. They reported that there are two of them, that the purpose of the hack was "...just seeing how far we could get. All for fun. And experience.", and that they do not intend to release the data that was acquired.

Naturally, we cannot assume that last part to be true.

Why did you not inform the police when you were hacked?
Rhet-or-Ric
Registered User
Posts: 306
Joined: Sun Apr 06, 2008 1:38 pm

Re: [Discuss] Welcome Back phpBB.com

Post by Rhet-or-Ric »

With all due respect, developer11, I do not think matters related to law enforcement are, at this time, a good idea to be broadcast to the general public via this site.

Those that the phpBB management team felt were in immediate danger, as was noted, and received email alerts might be entitled to such information and through email correspondence, but right now I don't think we regular folk are entitled to such information, yet. Please note the yet.

I am sure there will be folks that will disagree, but maybe we can keep from having any nasty yak-yak-yak about who agrees or disagrees or this or that and all that bla-bla-bla. Heck, it's the holidays and having nasty exchanges on any aspect of this whole rotten mess just seems so pointless when we should be thinking about peace and kindness and all that neat stuff that goes with the holiday season.

Oh well, just my two pennies on this subject of law enforcement involvement at this point in time.

HiFiKabin
Community Team Member
Posts: 4971
Joined: Wed May 14, 2014 9:10 am
Location: Swearing at the PC, UK
Name: James

Re: [Discuss] Welcome Back phpBB.com

Post by HiFiKabin »

developer11 wrote:
Marshalrusty wrote:One set of credentials acquired via the logging script on area51 were then used on www, so that appears to have been the purpose, yes.

I can tell you that we were contacted by the individuals responsible. They reported that there are two of them, that the purpose of the hack was "...just seeing how far we could get. All for fun. And experience.", and that they do not intend to release the data that was acquired.

Naturally, we cannot assume that last part to be true.
why did not you inform police when you were hacked?
... and you know they haven't notified the Police because ... ?

phpBB.com are managing this in the way they see fit. They do not have to tell you what they are doing, who they have informed and who was involved.

For some reason we seem to live in an atmosphere of instant blame and punishment.
The Red Queen wrote:Sentence first, verdict after
You will be told what phpBB.com want to tell you, when and if they want to tell you.

Deal with it and move on to annoy someone else.
developer11
I've Been Banned!
Posts: 24
Joined: Sun Dec 07, 2014 9:53 pm

Re: [Discuss] Welcome Back phpBB.com

Post by developer11 »

Yuriy said that info about what has been done will be made public so if you have any nasty words, they should be to Yuriy as he does not keep his word. I mean there is nothing bad in changing mind, but he should have informed about it.
KaileyT
Community Team Member
Posts: 2845
Joined: Mon Sep 01, 2014 1:00 am
Location: sudo rm -rf /
Name: Kailey Truscott

Re: [Discuss] Welcome Back phpBB.com

Post by KaileyT »

Marshalrusty wrote:In due course, we plan to post a more detailed account of what was done in a blog post.
Emphasis mine. In due course could be today, tomorrow, next week, next month, etc. Personally, I couldn't care less what happened in the past. The site is back online, and as long as they took measures to prevent it from happening again, I don't see the problem here.

I have to wonder if you are projecting the onslaught of verbal abuse you're displaying here towards Sony and Microsoft because they got attacked too, rendering their services unavailable.
Kailey Truscott - Community Team
developer11
I've Been Banned!
Posts: 24
Joined: Sun Dec 07, 2014 9:53 pm

Re: [Discuss] Welcome Back phpBB.com

Post by developer11 »

kinerity wrote:
Marshalrusty wrote:In due course, we plan to post a more detailed account of what was done in a blog post.
Emphasis mine. In due course could be today, tomorrow, next week, next month, etc. Personally, I couldn't care less what happened in the past. The site is back online, and as long as they took measures to prevent it from happening again, I don't see the problem here.

I have to wonder if you are projecting the onslaught of verbal abuse you're displaying here towards Sony and Microsoft because they got attacked too, rendering their services unavailable.
I'm against no one (and no company)..... I'm just against not keeping one's word - no matter how one would be called (Sony, MS, phpbb etc).

As of due course - it's not specific. Due course can as well be in 10 yrs time. It's far away from now but it's due course....... when being on so important position as Yuriy is now, it's not well-received to be not specific.
Last edited by developer11 on Sun Dec 28, 2014 1:42 pm, edited 1 time in total.
HiFiKabin
Community Team Member
Posts: 4971
Joined: Wed May 14, 2014 9:10 am
Location: Swearing at the PC, UK
Name: James

Re: [Discuss] Welcome Back phpBB.com

Post by HiFiKabin »

developer11 wrote:Yuriy said that info about what has been done will be made public so if you have any nasty words, they should be to Yuriy as he does not keep his word. I mean there is nothing bad in changing mind, but he should have informed about it.
Will be is the operative phrase there. It will be made public AS AND WHEN phpBB.com SEE FIT

What would you prefer? Inaccurate, potentially misleading and information that might delay further progress, or a wait for the correct information ONCE ANY INVESTIGATION HAS FINISHED.

Oh, you want it now :roll: Well you can't. Deal with it instead of being a pain in the arse.
developer11
I've Been Banned!
Posts: 24
Joined: Sun Dec 07, 2014 9:53 pm

Re: [Discuss] Welcome Back phpBB.com

Post by developer11 »

HiFiKabin wrote:
developer11 wrote:Yuriy said that info about what has been done will be made public so if you have any nasty words, they should be to Yuriy as he does not keep his word. I mean there is nothing bad in changing mind, but he should have informed about it.
Will be is the operative phrase there. It will be made public AS AND WHEN phpBB.com SEE FIT

What would you prefer? Inaccurate, potentially misleading and information that might delay further progress, or a wait for the correct information ONCE ANY INVESTIGATION HAS FINISHED.

Oh, you want it now :roll: Well you can't. Deal with it instead of being a pain in the arse.
As of words in red - it's not when and as they see fit. Such info should be available as soon as they recovered from being hacked.
Lumpy Burgertushie
Registered User
Posts: 68181
Joined: Mon May 02, 2005 3:11 am

Re: [Discuss] Welcome Back phpBB.com

Post by Lumpy Burgertushie »

did I miss the memo where it said that you get to decide what and when and how phpbb does things?

who died and made you king?

they did not and do not have to inform anyone about anything. just because you think something should be done a certain way means nothing. it is only your opinion and we all know what opinions are like.....


I can't believe your arrogance in thinking that your opinions of what phpbb should do matter to anyone but yourself. they don't.


robert