Malwarebytes Forum Hacked ?

Discussion in 'other security issues & news' started by rrrh1, Nov 21, 2014.

  1. rrrh1

    rrrh1 Registered Member

    Joined:
    Sep 10, 2007
    Posts:
    202
    There is a report Malwarebytes forum may have been compromised ?

    But I guess they are completely overworked I am getting:

    Service Unavailable

    The service is temporarily unavailable. Please try again later.

    at their website:

    http://forums.malwarebytes.org/index.php

    rrrh1
     
  2. digmor crusher

    digmor crusher Registered Member

    Joined:
    Jul 6, 2012
    Posts:
    424
    Location:
    Canada
    I was offline yesterday but was working this morning, I cannot access it right now either, must be more problems.
     
  3. subhrobhandari

    subhrobhandari Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    708
    If IPB is so known for vulnerabilities then they should use something else like SMF, VBB or Xenforo.
     
  4. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    334
    [WARNING: ANGRY DRUNKEN RESPONSE AHEAD]

    Yup the forum was compromised and they issued a password reset for all members before they could login. Currently offline again (who can say why) but they may just be upgrading it :O hah.

    Yes it seems silly that security product vendors don't use their own forum setups instead relying on 'easy' 3rd party setups but sadly it is also commonplace. You'd think some would learn a lesson and move onto their own setup instead but even vendors I trust (eg eset) continue to use the same forum software after it's been breached more than once.

    /begin rant
    Don't get me wrong, I like Malwarebytes, I love MBAE....but twas still silly and it will eventually happen again..... using a vulnerable forum software over and over is like using a bad AV over and over, it's not likely to get any better suddenly so replace it already. Make your own if you must but eventually even those who love your software will lose faith if you can't secure your own forum. (NOT saying that is why it is offline atm.)

    On the other side of the coin, I can understand why they would want to use a 3rd party (specialized) forum vendor that will save time and money. I don't fault them by default for this. As can be seen everywhere however the more popular something is, the more it is likely to be targeted and vulnerabilities found and then exploited.

    So here again comes up "Windows" anyone? Yes it is highly targeted. Often breached, often updated and like a fool I continue to use it. User hypocrisy much? Perhaps....

    It's just my noob opinion that security product vendors should do more to audit the products they use instead of trusting then raising hands claiming "it wasn't our fault."
    (NOT saying this is what happened in this case~just a generalized dislike of the commonplace responses these days.)
    /end rant

    Love you Malwarebytes! I don't blame you....yet! =)
     
    Last edited: Nov 21, 2014
  5. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    What, has it been breached again? o_O
     
  6. subhrobhandari

    subhrobhandari Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    708
    Forum is working again, albeit everyone isnt happy

    https://forums.malwarebytes.org/index.php?/topic/161236-malwarebytesorg-comprimised/

    So they trust IPB's server's more than their own?
     
  7. syrinx

    syrinx Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    334
    I think as they are using the forum software either way they are actually correct, allowing the forum soft vendors to handle the hosting and patching is likely to close the gap between discovery and fixes and potentially mitigate further issues. If however MB forums are among the first targeted by some new exploit it may not help much...

    My last post came across much harsher than it should have but I just find the situation silly. I really should just learn not to post while drunk! /me slaps self.
     
  8. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Agreed :D
     
Loading...