Old 10th January 2011, 00:59   #1
osmosis
Major Dude
 
Join Date: Jan 2006
Location: Cananada
Posts: 839
..What about that security threat?

Why was the thread deleted before you addressed my question about user database safety? Are you trying to pretend the forums didn't get hacked?
Old 10th January 2011, 04:06   #2
djpete
Major Dude
 
Join Date: Apr 2004
Location: Melbourne, Australia
Posts: 940
i am still getting this warning of trojan

Cheers, Pete

Anything & Everything Winamp - All In One Place...
Winamp Enthusiasts Group
Old 10th January 2011, 05:43   #3
MrSinatra
Forum King
 
Join Date: Dec 2004
Location: WKPS, State College
Posts: 5,381
IE8 is still giving me unsafe website warnings and my java app is still telling me about war-arron.com

PENN STATE Radio or http://www.LION-Radio.org/
--
BUG #1 = Winamp skips short tracks
Wish #1 = Multiple Column Sorting
Wish #2 = Add TCMP/Compilation editing
Old 10th January 2011, 06:19   #4
osmosis
Major Dude
 
Join Date: Jan 2006
Location: Cananada
Posts: 839
Ah you're right. AdMuncher was why I wasn't seeing it anymore. Those guys are really fast to update their blocklists. Gotta love it.. However, still pretty disconcerting that the forums remain hacked.. And also that the original thread got removed.. Also by said hackers? Very sketchy stuff.
Old 10th January 2011, 07:12   #5
djpete
Major Dude
 
Join Date: Apr 2004
Location: Melbourne, Australia
Posts: 940
mmm fixed.
Wow am I that powerful?
Sing out if you need anything else fixed world...
:-)

Cheers, Pete

Old 10th January 2011, 07:27   #6
gistbane
Corporate Drone
 
Join Date: Mar 2008
Location: Tucson, AZ
Posts: 32
As soon as I became aware of this (a few minutes ago) I found and removed the war-arron reference that had been inserted into the forum's footer template, and disabled the account responsible. We'll continue investigating to see if this is part of a larger problem or security risk, but hopefully this is just an isolated incident from a single hacked account.

Thanks, and sorry it took so long for this to be removed!
Old 10th January 2011, 08:04   #7
MrSinatra
Forum King
 
Join Date: Dec 2004
Location: WKPS, State College
Posts: 5,381
like osmosis, i would like to know what happened to the orig thread?

Old 10th January 2011, 12:37   #8
djpete
Major Dude
 
Join Date: Apr 2004
Location: Melbourne, Australia
Posts: 940
glad it's sorted anyway.
Thanks

Cheers, Pete

Old 10th January 2011, 16:04   #9
osmosis
Major Dude
 
Join Date: Jan 2006
Location: Cananada
Posts: 839
Thanks gistbane. So, why was the original thread removed - was that also the hacker? And, of course, are our accounts/passwords safe?
Old 10th January 2011, 18:34   #10
swingdjted
DRINK BEER NOW
(Forum King)
 
Join Date: Feb 2006
Location: Northern West Virginia
Posts: 9,990
Ditto to the above post - the GD thread was locked too. I think the clock that existed at the bottom of each page has disappeared.

Don't forget to live before you die.
Old 16th January 2011, 04:14   #11
osmosis
Major Dude
 
Join Date: Jan 2006
Location: Cananada
Posts: 839
Wow Nullsoft/AOL, thanks for caring..
Old 29th January 2011, 23:35   #12
mhein
Junior Member
 
Join Date: Jan 2011
Posts: 4
My Own experience after becoming a member...

Hi Folks,
Well everything seems normal today.... but I just signed up for an account yesterday (yea, I know I've been using Winamp since it became available!).
Anywho, I was VERY surprised yesterday after getting signed-up when Malwarebytes shut me out of the Forums here!! Warning statement that there was some nasty crap going on.
Today (1/29/11) here I am. Everything is normal. My hat's off to this forum's security team! As they've stated, it's a constant juggling game to keep the hackers out of here. I have no animosity towards the team running this Forum!
Just my 2 cents... Mark
Old 11th February 2011, 16:36   #13
osmosis
Major Dude
 
Join Date: Jan 2006
Location: Cananada
Posts: 839
AGAIN!? Excuse my language.. But what the fuck?

Get it right this time, and answer my goddamn questions about ongoing security for the users of this forum.

Request: A little SmartView Query Language love.
Old 11th February 2011, 17:06   #14
DJ Egg
Techorator
Winamp & SHOUTcast Team
 
Join Date: Jun 2000
Posts: 35,817
We're investigating it.
Looks like we need to install an upgrade patch...

It's fixed again, for now.
Thanks for bearing with us! :-)
Old 11th February 2011, 20:28   #15
MrSinatra
Forum King
 
Join Date: Dec 2004
Location: WKPS, State College
Posts: 5,381
yeah, there def was a problem yesterday, but i only saw what looked like an upgrade/reinstall in progress.

why hackers pick on a site like this tho is beyond me.

Old 11th February 2011, 20:39   #16
DJ Egg
Techorator
Winamp & SHOUTcast Team
 
Join Date: Jun 2000
Posts: 35,817
Issue solved. Problem fixed. All systems secured! :-)
Old 12th February 2011, 00:06   #17
osmosis
Major Dude
 
Join Date: Jan 2006
Location: Cananada
Posts: 839
Are our accounts/passwords safe? (From both this, and the previous threat?)

Old 12th February 2011, 23:01   #18
swingdjted
DRINK BEER NOW
(Forum King)
 
Join Date: Feb 2006
Location: Northern West Virginia
Posts: 9,990
I'm thankful for the work you guys are doing, but would it be ok to ask for more information, or does giving it pose more security issues? Either way, I appreciate you handling it and am glad this forum is still mostly stable.

Old 14th February 2011, 10:06   #19
DrO
 
Join Date: Sep 2003
Posts: 27,873
if there was an issue with compromised accounts then i think either those involved would have been informed or something like what SourceForge did with a forced password reset would have been done. i've not seen either happen so i'd like to think all is ok now. and regular changing of passwords should be the norm no matter what else is going on

-daz
Old 14th February 2011, 20:36   #20
osmosis
Major Dude
 
Join Date: Jan 2006
Location: Cananada
Posts: 839
Thanks for an answer Daz.. I was just getting a bit frustrated considering it was the first thing I asked the last time it happened, and then that thread got mysteriously removed.. and again I asked, and then it happened again, and I asked again.. and you're the first to address it. So thanks again for that. Glad to know all is safe. And thank you to the Winamp teams for being quick to fix the site when these problems do arise. Only times I've ever seen the forums compromised. Twice in 5 years isn't that bad!

Old 14th February 2011, 21:04   #21
DrO
 
Join Date: Sep 2003
Posts: 27,873
no idea about other threads (though to keep things in check whilst working out wtf is going on would make sense to remove / hide threads in the interim) as i don't know what happened with the first instance (was off the pc for a full weekend for a change when it happened) but if anything had been compromised then i really expect those involved to be notified and i'm not aware of that having happened.

-daz
Old 15th February 2011, 02:28   #22
MrSinatra
Forum King
 
Join Date: Dec 2004
Location: WKPS, State College
Posts: 5,381
i'm not really complaining, and i appreciate what DrO said, but i'm not really comfortable with the "no response is an answer" paradigm. personally, i use loose pwords i don't entrust important info to on sites like this, so i'm not worried, but i do believe the official admin here should pipe up and give official answers. jmho, not gonna stress over it.

Old 15th February 2011, 23:00   #23
DJ Egg
Techorator
Winamp & SHOUTcast Team
 
Join Date: Jun 2000
Posts: 35,817
http://forums.winamp.com/showthread.php?t=327366 !!!!!
Old 15th February 2011, 23:13   #24
DrO
 
Join Date: Sep 2003
Posts: 27,873
and now we have an official answer.

and just to clarify, my previous two posts were correct against the information which i knew of at the time of posting especially with the aspect of regularly changing passwords.

-daz
Old 15th February 2011, 23:28   #25
osmosis
Major Dude
 
Join Date: Jan 2006
Location: Cananada
Posts: 839
womp womp :/

Thanks for the detailed FAQ, Egg.

Just out of curiosity, how hard is it to crack the encryption used to hash the passwords?

Old 15th February 2011, 23:36   #26
QOAL
[STILL a retard!]
 
Join Date: Apr 2002
Location: Bristol, UK
Posts: 1,168
Personally I'm disappointed that it took until the last attack on the 11th to get this issue fixed, when it was seemingly first exploited on the 9th of January!
It seemed like we were actively being fobbed off with 'well we dealt with that guy, so it's fine now' even though the forum software was out of date and it was repeatedly being exploited.

However I am pleased to see DJ Egg's post in GD and to learn of the actions taken.

Considering (I googled this to check) the hash algo for vbulletin uses MD5, which in these modern times is trivial to generate collisions for; have the passwords of all authority members been reset (I'm mostly asking as there are several people with moderation privileges that haven't been active in a while) not that many attackers would find reason to hijack such an account, but still.

Lastly, any chance of getting the time back at the bottom of the page? (it was beneath the posting rules and forum jump, centred)

And offtopic: Pleased that AJAX posting is now disabled? (as it stops the double posting)

Old 16th February 2011, 00:04   #27
swingdjted
DRINK BEER NOW
(Forum King)
 
Join Date: Feb 2006
Location: Northern West Virginia
Posts: 9,990
Thank you for posting the explanation and FAQ. That was very helpful and I'm sure clears up all the confusion. I think that's what all the members were looking for, and now we know what to do about it.

Old 16th February 2011, 00:24   #28
getraf
Junior Member
 
Join Date: Sep 2010
Posts: 20
Agreed. Thanks for the link to the FAQ.
Old 16th February 2011, 00:45   #29
MrSinatra
Forum King
 
Join Date: Dec 2004
Location: WKPS, State College
Posts: 5,381
very happy with the responsibility shown here, even if it's a bit delayed.

Old 16th February 2011, 01:14   #30
Quatrix
Junior Member
 
Join Date: Dec 2009
Posts: 4
Unfortunately there's a lot of paranoia and ignorance out there regarding security, and many people will see the email and jump to far-fetched conclusions, regardless of the FAQ. There will undoubtedly be someone who sees a sketchy credit card charge six months from now and tries to link it to this somehow.
Old 16th February 2011, 02:00   #31
getraf
Junior Member
 
Join Date: Sep 2010
Posts: 20
True. Some of the responsible things Winamp can do are to continue communicating with its users and have the people helping other people be consistent so as to minimize any additional damage. But yes, there seem to be a lot of vocal, unreasonable people out there. Tin foil hats for everyone. ;-)
Old 16th February 2011, 04:38   #32
sunk818
Junior Member
 
Join Date: Nov 2007
Posts: 48
I'm glad every site I am on has a unique password. I'm scared for those who have the same password on multiple sites. The criminals will now take these logins and passwords and hit them against every major destination on the web (web services, email, shopping, etc).

I think WinAmp Forum security should have reset all passwords by default.
Old 16th February 2011, 05:56   #33
Tobes
Junior Member
 
Join Date: Mar 2005
Posts: 11
I'm not sure the passwords can be accessed, I run my own forum and vBulletin doesn't show passwords in the database, it's all this MD5 hash stuff, and I think we're probably safe, was the db downloaded?

regards

Tobes
Old 16th February 2011, 06:12   #34
sunk818
Junior Member
 
Join Date: Nov 2007
Posts: 48
You can't use MD5 hash, but it is easy enough to reverse engineer to get a plain text password that you can use in production environments. In any event, it's not a big deal if you used a unique password. I'm just dismayed that this type of security keeps getting compromised... Gawker was a big mess... I just don't feel like software developers are doing their jobs very well.
Old 16th February 2011, 06:41   #35
Tobes
Junior Member
 
Join Date: Mar 2005
Posts: 11
Quote:
Originally Posted by sunk818 View Post
You can't use MD5 hash, but it is easy enough to reverse engineer to get a plain text password that you can use in production environments. In any event, it's not a big deal if you used a unique password. I'm just dismayed that this type of security keeps getting compromised... Gawker was a big mess... I just don't feel like software developers are doing their jobs very well.
yeh i just did a very quick search and found MD5 is very easy to hack, oooops

I have to agree with you, WinAmp is a multi million pound company, if they can't keep their vBulletin license and forum updated that is a rather big joke, god knows how many of the community have been compromised

T
Tobes is offline   Reply With Quote
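
Several posts above ask how much protection vBulletin's MD5-based password hashes give once a user table has leaked; the weakness of a fast hash there is the low cost of each offline guess. The sketch below is an added example, not vBulletin's or Winamp's code: it shows one mitigation an operator can apply to a whole table without knowing any password, wrapping each stored hash in a slow KDF. The `md5(md5(password) + salt)` layout, the row field names and the iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor; tune to your hardware


def legacy_hash(password: str, salt: str) -> str:
    """Assumed vBulletin-style layout: md5(md5(password) + salt), hex."""
    inner = hashlib.md5(password.encode("utf-8")).hexdigest()
    return hashlib.md5((inner + salt).encode("utf-8")).hexdigest()


def wrap(legacy_hex: str, kdf_salt: bytes) -> str:
    """Stretch an existing legacy hash with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac(
        "sha256", legacy_hex.encode("ascii"), kdf_salt, ITERATIONS
    ).hex()


def migrate_row(row: dict) -> dict:
    """Replace the fast hash in a user row with its wrapped form.

    Needs no plaintext password, so it can run over the whole table at once.
    """
    kdf_salt = os.urandom(16)
    return {
        "user": row["user"],
        "salt": row["salt"],  # legacy salt is still needed at login
        "kdf_salt": kdf_salt.hex(),
        "wrapped": wrap(row["md5"], kdf_salt),
    }


def verify(password: str, row: dict) -> bool:
    """Login check against a migrated row, compared in constant time."""
    candidate = wrap(legacy_hash(password, row["salt"]),
                     bytes.fromhex(row["kdf_salt"]))
    return hmac.compare_digest(candidate, row["wrapped"])


# Constructed sample row, as it might sit in a legacy user table.
SAMPLE = {"user": "alice", "salt": "x9$",
          "md5": legacy_hash("correct horse battery", "x9$")}

if __name__ == "__main__":
    migrated = migrate_row(SAMPLE)
    print(sorted(migrated))
    print(verify("correct horse battery", migrated), verify("guess", migrated))
```

After migration the raw MD5 column can be dropped, so a later copy of the table only yields hashes that cost `ITERATIONS` PBKDF2 rounds per guess.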