Archive For March, 2007

Don’t forget that I always run a *buy any 2 skins get a 3rd skin of your choice free* promotion The details are right here (http://www.extremepixels.com/promo.php).

We will be switching the IPS Company Forums from username to email login on March 22, 2007.

We are preparing to apply IP.Converge to the company forums, customer database on IP.Nexus, and other areas that are forthcoming. The IP.Converge application requires email as the login method so we are going to apply this change a few days early to allow everyone to get used to the change.

Also, please take a moment to be sure your IPS customer account login and forum account login are using the same email address. Although not strictly needed, it will allow the merging of your accounts in the coming days to be much easier.

This is the first step in the introduction of some new products and services we are in the final stages or completing. Keep an eye on the IPS blog over the next week for updates and information.

I’d like to officially welcome Maurice (Xx liquid xX) to our small family here at eXtremepixels. He will be taking over for Ehren the former IPB coder.

Maurice has been on the design team at invisionize.com since 2005 and has a great knowledge of the IPB system. He will be a great asset to our…

I have uploaded GARS 2.1.5 to the download section for active license holders. Make sure that you read the *release thread*…

vBadvanced has finally been moved to it’s new server. The new server includes a better processor and more RAM, so hopefully things will be running very smoothly around here. As with any server move, it may take up to 48 hours for the DNS servers to be fully updated. Until that time, you can still…

Hello everyone,

Several customers have requested a *branding removal option for vBSEO*.
Image: http://www.vbseo.com/images/site/vbseo30-nobrand.gif
While this is _not yet available_, it is planned for later in 2007 (date yet to be determined).

In the meantime, we are pleased to inform you that were are currently offering: *3 vBSEO Branding Removal Options* to vBSEO customers, by eBay auction.

*This is an exclusive and limited time offer.*

If you are interested in branding removal, please be sure to visit one of the 3 auctions to place your bid ASAP:
* eBay: “Copyright Removal Option” for vBSEO 3.0 GOLD (item 320088473619 end time Mar-05-07 13:04:42 PST) (http://cgi.ebay.com/Copyright-Removal-Option-for-vBSEO-3-0-GOLD_W0QQitemZ320088473619QQihZ011QQcategoryZ4291QQssPageNameZWDVWQQrdZ1QQcmdZViewItem)
* eBay: “Copyright Removal Option” for vBSEO 3.0 GOLD (item 320088473907 end time Mar-05-07 13:05:24 PST) (http://cgi.ebay.com/Copyright-Removal-Option-for-vBSEO-3-0-GOLD_W0QQitemZ320088473907QQihZ011QQcategoryZ4291QQssPageNameZWDVWQQrdZ1QQcmdZViewItem)
* eBay: “Copyright Removal Option” for vBSEO 3.0 GOLD (item 320088474001 end time Mar-05-07 13:05:44 PST) (http://cgi.ebay.com/Copyright-Removal-Option-for-vBSEO-3-0-GOLD_W0QQitemZ320088474001QQihZ011QQcategoryZ4291QQssPageNameZWDVWQQrdZ1QQcmdZViewItem)

Based on interest, we will determine when to proceed with offering copyright removal to all vBSEO customers.

Please take a second to answer the poll included with this announcement.

*Note:* *_Only 3 options are available_* - No others will be provided until official release later this year.

*Please remember:* This auction is for a vBSEO Branding/Copyright Removal option only. It does NOT include a vBSEO license. Be sure to read the complete “Terms & Conditions” provided within the auction description at eBay.

*Happy Bidding! :)*

Ehren my IPB coder no longer is working here.

If you know of anybody looking to pick up some extra $$ and join the EP team please PM me for details. Please be sure to include examples of work / resume.

Just a quick note to let you know that vbulletin has released a new version to fix an exploit: *3.6.5
*Thre is NO TEMPLATE changes in this new version and all of the 3.6.4 Skin will work flawlessly with 3.6.5, no need to UPGRADE

—Quote—
*vBulletin 3.6.5*

This morning, an exploit was…

Hello everyone,

We are happy to let you know that a winning logo (http://www.sitepoint.com/marketplace/contestentrant/873/166963?#entry46776) has been selected by the vBHackers team.

Image: http://www.vbhackers.com/images/vbhackers-winning-logo.gif

The winning entry, provided by GFXteam (http://www.sitepoint.com/forums/member.php?u=166963), will be adapted for use here on the vBHackers forum when we re-launch in the coming months. It received an overwhelming majority of staff voting points.

GFXteam will receive *$150 in cash + a free vBSEO license (http://www.vbseo.com/purchase/)*.

Please join us in congratulating him on his win.
On behalf of the vBHackers team, I would like to thank everyone who participated. When had some outstanding options. We consider the contest a great success and plan to launch similar fun activities again in the future.

Regards,

*From Vbulletin.com*

*vBulletin 3.6.5*

This morning, an exploit was reported, which affects vBulletin versions 3.5.x and 3.6.x. Although the report is inaccurate and the published exploit does not work as claimed unless a highly unlikely set of circumstances exist, it has highlighted a potential security issue in these vBulletin versions.

Therefore, we have decided to release updated versions, these being vBulletin 3.5.8 and 3.6.5. We recommend that all customers running vBulletin 3.5.x or 3.6.x upgrade to the appropriate version or apply the supplied patch as soon as possible.

It is worth noting that in order to exploit the problem highlighted by the report, the attacking user must satisfy the following conditions:
* Must already have moderator privileges
* Must share the same IP address (or the number of IP octets specified in the Admin Control Panel for IP address matching) with an existing administrator who is currently logged in to the Admin Control Panel
* Must know the Alt-IP and user agent (exact browser identification) of the administrator
* *OR* must know the license number of the site being attacked

Given these requirements, the privilege escalation exploit claimed by the report is almost impossible to achieve.

*Bugs Fixed in vBulletin 3.6.5*

*The Security Flaw*The reported security flaw described in this announcement, which could potentially allow a SELECT query to be hijacked, has been addressed.
*Safari Cookies*A problem where users of the Apple browser Safari would be logged off the system prematurely when vBulletin runs on specific servers has been resolved.
More info… (http://www.vbulletin.com/forum/bugs36.php?do=view&bugid=1116)
*Internet Explorer 7 Compatability*Much has been said about Microsoft’s decision to make the Javascript prompt() function throw a security warning whenever it is called. This change resulted in vBulletin’s text editor system throwing security warnings whenever a user tried to insert an image or an email link. The use of prompt() for Internet Explorer 7 users has now been discontinued in favour of an alternative method of collecting user input.
More info… (http://www.vbulletin.com/forum/bugs36.php?do=view&bugid=1263)

Additionally, improvements in Internet Explorer 7 mean that certain aspects of the vBulletin pop-up menu system, which were previously required to circumvent rendering issues, can now be bypassed. Most notable amongst these is the code that hides all
elements that would intersect with the menu when opened.
*Fix for Infractions Bug*A problem where infraction expiration was not cleaned-up properly has been addressed.
More info… (http://www.vbulletin.com/forum/bugs36.php?do=view&bugid=1448)
*Workaround for a FreeBSD Regular Expression Error on Login*Some users running recent versions of PHP running on FreeBSD have encountered a bug in the regular expression engine that caused an error to be shown when logging in. We have worked around this problem. However, it may still appear in other areas, so we are trying to find a proper fix for the issue.
*Updating your vBulletin to Fix the Potential Exploit*

There are two ways in which you can fix the potential exploit in your version of vBulletin:
1. *Full Upgrade*: The best way to fix the problem is to perform a full upgrade by downloading the complete 3.6.5 package from the vBulletin Members’ Area (http://members.vbulletin.com/) and following the regular upgrade instructions (http://www.vbulletin.com/docs/html/upgrade?manualversion=30602500).
2. *Patch*: A second option is to download the patch files discussed in this thread and upload them to your web server, overwriting the existing files. The patch is available from the Members’ Area patch page (http://members.vbulletin.com/patches.php) or you can find it attached to this thread.

Please note that vBulletin 3.6.5 requires at least *PHP 4.3.3* and *MySQL 4.0.16* or later.

*A Note Regarding vBulletin 3.6.6*

The publication of this exploit has required a swift release of an updated version to fix the published problem. The original intention for vBulletin 3.6.5 had been to include a number of other bug fixes and improvements that have been reported since 3.6.4.

Unfortunately, the necessity of bringing out a version quickly to fix the exploit has meant that many of these fixes have not had sufficient time to be fully tested to the extent that we would like and have therefore been kept back for vBulletin 3.6.6.

We understand that this may be frustrating to our customers, and in order to minimize the inconvenience, we have ensured that this vBulletin 3.6.5 release contains no template or phrase changes, which will hopefully make upgrading as painless as possible.

Tags: vbulletin exploit email admin control panel internet explorer 7 ip address safari security flaw javascript prompt browser identification address matching info internet currently logged escalation hijacked favour privilege .

---

« Previous Entries

---

---

Search