#1
Major Dude
Join Date: Jan 2006
Location: Cananada
Posts: 802

..What about that security threat?
Why was the thread deleted before you addressed my question about user database safety? Are you trying to pretend the forums didn't get hacked?

#2
Senior Member
Join Date: Apr 2004
Location: Melbourne, Australia
Posts: 444

i am still getting this warning of trojan

#3
Forum King

IE8 is still giving me unsafe website warnings and my java app is still telling me about war-arron.com
PENN STATE Radio or http://www.LION-Radio.org/ -- BUG #1 = Winamp skips short tracks Wish #1 = Multiple Column Sorting Wish #2 = Add TCMP/Compilation editing

#4
Major Dude
Join Date: Jan 2006
Location: Cananada
Posts: 802

Ah you're right. AdMuncher was why I wasn't seeing it anymore. Those guys are really fast to update their blocklists. Gotta love it.. However, still pretty disconcerting that the forums remain hacked.. And also that the original thread got removed.. Also by said hackers? Very sketchy stuff.

#5
Senior Member
Join Date: Apr 2004
Location: Melbourne, Australia
Posts: 444

mmm fixed.
Wow am I that powerful? Sing out if you need anything else fixed world... :-)

#6
Corporate Drone

As soon as I became aware of this (a few minutes ago) I found and removed the war-arron reference that had been inserted into the forum's footer template, and disabled the account responsible. We'll continue investigating to see if this is part of a larger problem or security risk, but hopefully this is just an isolated incident from a single hacked account.
Thanks, and sorry it took so long for this to be removed!

#7
Forum King

like osmosis, i would like to know what happened to the orig thread?

#8
Senior Member
Join Date: Apr 2004
Location: Melbourne, Australia
Posts: 444

glad it's sorted anyway.
Thanks

#9
Major Dude
Join Date: Jan 2006
Location: Cananada
Posts: 802

Thanks gristbane. So, why was the original thread removed - was that also the hacker? And, of course, are our accounts/passwords safe?

#10
DRINK BEER NOW
(Forum King)

Ditto to the above post - the GD thread was locked too. I think the clock that existed at the bottom of each page has disappeared.
Don't forget to live before you die.

#11
Major Dude
Join Date: Jan 2006
Location: Cananada
Posts: 802

Wow Nullsoft/AOL, thanks for caring..

#12
Junior Member
Join Date: Jan 2011
Posts: 1

My Own experience after becoming a member...
Hi Folks,
Well everything seems normal today.... but I just signed up for an account yesterday (yea, I know I've been using Winamp since it became available!). Anywho, I was VERY surprised yesterday after getting signed-up when Malwarebytes shut me out of the Forums here!! Warning statement that there was some nasty crap going on. Today (1/29/11) here I am. Everything is normal. My hat's off to this forum's security team! As they've stated, it's a constant juggling game to keep the hackers out of here. I have no animosity towards the team running this Forum! Just my 2 cents...
Mark

#15
Forum King

yeah, there def was a problem yesterday, but i only saw what looked like an upgrade/reinstall in progress.
why hackers pick on a site like this tho is beyond me.

#18
DRINK BEER NOW
(Forum King)

I'm thankful for the work you guys are doing, but would it be ok to ask for more information, or does giving it pose more security issues? Either way, I appreciate you handling it and am glad this forum is still mostly stable.

#19
-
Join Date: Sep 2003
Location: UK
Posts: 22,247

if there was an issue with compromised accounts then i think either those involved would have been informed or something like what SourceForge did with a forced password reset would have been done. i've not seen either happen so i'd like to think all is ok now. and regular changing of passwords should be the norm no matter what else is going on
-daz

#20
Major Dude
Join Date: Jan 2006
Location: Cananada
Posts: 802

Thanks for an answer Daz.. I was just getting a bit frustrated considering it was the first thing I asked the last time it happened, and then that thread got mysteriously removed.. and again I asked, and then it happened again, and I asked again.. and you're the first to address it. So thanks again for that. Glad to know all is safe. And thank you to the Winamp teams for being quick to fix the site when these problems do arise. Only times I've ever seen the forums compromised. Twice in 5 years isn't that bad!
Request: A little SmartView Query Language love.

#21
-
Join Date: Sep 2003
Location: UK
Posts: 22,247

no idea about other threads (though to keep things in check whilst working out wtf is going on would make sense to remove / hide threads in the interim) as i don't know what happened with the first instance (was off the pc for a full weekend for a change when it happened) but if anything had been compromised then i really expect those involved to be notified and i'm not aware of that having happened.
-daz

#22
Forum King

i'm not really complaining, and i appreciate what DrO said, but i'm not really comfortable with the "no response is an answer" paradigm. personally, i use loose pwords i don't entrust important info to on sites like this, so i'm not worried, but i do believe the official admin here should pipe up and give official answers. jmho, not gonna stress over it.

#23
Techorator
Winamp Team
Join Date: Jun 2000
Posts: 35,129

#24
-
Join Date: Sep 2003
Location: UK
Posts: 22,247

and now we have an official answer.
and just to clarify, my previous two posts were correct against the information which i knew of at the time of posting especially with the aspect of regularly changing passwords.
-daz

#26
[STILL a retard!]
Join Date: Apr 2002
Location: Bristol, UK
Posts: 1,113

Personally I'm disappointed that it took until the last attack on the 11th to get this issue fixed, when it was seemingly first exploited on the 9th of January!
It seemed like we were actively being fobbed off with 'well we dealt with that guy, so it's fine now' even though the forum software was out of date and it was repeatedly being exploited.
However I am pleased to see DJ Egg's post in GD and to learn of the actions taken.
Considering (I googled this to check) the hash algo for vbulletin uses MD5, which in these modern times is trivial to generate collisions for; have the passwords of all authority members been reset (I'm mostly asking as there are several people with moderation privileges that haven't been active in a while) not that many attackers would find reason to hijack such an account, but still.
Lastly, any chance of getting the time back at the bottom of the page? (it was beneath the posting rules and forum jump, centred)
And offtopic: Pleased that AJAX posting is now disabled? (as it stops the double posting)

#27
DRINK BEER NOW
(Forum King)

Thank you for posting the explanation and FAQ. That was very helpful and I'm sure clears up all the confusion. I think that's what all the members were looking for, and now we know what to do about it.

#28
Junior Member
Join Date: Sep 2010
Posts: 20

Agreed. Thanks for the link to the FAQ.

#29
Forum King

very happy with the responsibility shown here, even if it's a bit delayed.

#30
Junior Member
Join Date: Dec 2009
Posts: 4

Unfortunately there's a lot of paranoia and ignorance out there regarding security, and many people will see the email and jump to far-fetched conclusions, regardless of the FAQ. There will undoubtedly be someone who sees a sketchy credit card charge six months from now and tries to link it to this somehow.

#31
Junior Member
Join Date: Sep 2010
Posts: 20

True. Some of the responsible things Winamp can do is continue communicating with its users and have the people helping other people be consistent so as to minimize any additional damage. But yes, there seem to be a lot of vocal, unreasonable people out there. Tin foil hats for everyone. ;-)

#32
Junior Member
Join Date: Nov 2007
Posts: 31

I'm glad every site I am on has a unique password. I'm scared for those who have the same password on multiple sites. The criminals will now take these login and passwords and hit them against every major destination on the web (web services, email, shopping, etc).
I think WinAmp Forum security should have reset all passwords by default.

#33
Junior Member
Join Date: Mar 2005
Posts: 11

I'm not sure the passwords can be accessed, I run my own forum and vBulletin doesn't show passwords in the database it's all this MD5 hash stuff, and I think we're probably safe, was the db downloaded?
regards Tobes

#34
Junior Member
Join Date: Nov 2007
Posts: 31

You can't use MD5 hash, but it is easy enough to reverse engineer to get a plain text password that you can use in production environments. In any event, it's not a big deal if you used a unique password. I'm just dismayed that this type of security keeps getting compromised... Gawker was a big mess... I just don't feel like software developers are doing their jobs very well.

#35
Junior Member
Join Date: Mar 2005
Posts: 11

Quote:
I have to agree with you WinAmp is a multi million pound company, if they can't keep their vBulletin license and forum updated that is a rather big joke, god knows how many of the community have been compromised
T