Forums

This topic is locked

UPGRADE these Forums!!

Posted 23 Jun 2006 20:21:42
1
has voted
23 Jun 2006 20:21:42 Joel Rea posted:
You’re still using Snitz Forums 2000 Version 3.1 SR4. That’s old, buggy (for instance, when editing a post, sometimes the [Preview] button appears, and sometimes it doesn’t, and even when it does, it sometimes shows a preview of the <i>original</i> post before <i>any</i> edits were done! Sometimes, posting an Edit causes a Server Crash!), and insecure (many exploits are available for older versions).

The latest version is 3.4.05.

Edited by - MMCC on 23 Jun 2006 20:22:59

Replies

Replied 11 Jul 2006 17:49:24
11 Jul 2006 17:49:24 Janusz Jasinski replied:
As if they care - any professional would go to devsheds.com!

Also how the heck can I change my profile? I can't find any links whatsoever!

[Win XP] &#8226; [Windows 2003 Server] &#8226; [SuSE 9.2 Pro] &#8226; [FreeBSD 5.3] &#8226; [Macromedia Studio 2004] &#8226; [ASP.NET] &#8226; [ASP] &#8226; [PHP] &#8226; [C#] &#8226; [(DH)(XH)(HT)(X)ML] &#8226; [CSS] &#8226; [VB] &#8226; [Java] &#8226; [Making Lasagne]
Replied 11 Jul 2006 18:22:17
11 Jul 2006 18:22:17 Roddy Dairion replied:
Click on the button user found next to the logout button. And Joel Rea i never came accross any problem u've said. Janusz Jasinski not everybody is pro like you. <img src=../images/dmxzone/forum/icon_smile_wink.gif border=0 align=middle>
Replied 11 Jul 2006 18:38:04
11 Jul 2006 18:38:04 Joel Rea replied:
<BLOCKQUOTE id=quote><font size=1 face="Verdana, Arial, Helvetica" id=quote>quote:<hr height=1 noshade id=quote>And Joel Rea i never came accross any problem u've said.<hr height=1 noshade id=quote></BLOCKQUOTE id=quote></font id=quote><font face="Verdana, Arial, Helvetica" size=2 id=quote>
Guess what? I&rsquo;ve never been to Tokyo, Japan, but I don&rsquo;t call people who claim that it exists liars just because their experiences exeed my own.

The simple fact is that the Forum software currently in use here is old, outdated, buggy, and insecure. Several <i>critical required</i> updates have been released since this version. This information comes right from the Snitz Forums website itself. This is the word of the people who <i>made</i> this Forum software. Are you calling <i>them</i> liars, too?
Replied 12 Jul 2006 11:19:43
12 Jul 2006 11:19:43 Roddy Dairion replied:
I didn't say u or anyone else were liars. Just becoz a BMW is better than a Toyota doesn't mean that we can't drive a Toyota. Bottom line is we have it we use it. When they'll see that it needs changing, it will be changed.
Thanx for the suggestion though.

Edited by - roders22 on 12 Jul 2006 11:22:09
Replied 12 Jul 2006 18:29:00
12 Jul 2006 18:29:00 Joel Rea replied:
<BLOCKQUOTE id=quote><font size=1 face="Verdana, Arial, Helvetica" id=quote>quote:<hr height=1 noshade id=quote>
I didn't say u or anyone else were liars. Just becoz a BMW is better than a Toyota doesn't mean that we can't drive a Toyota. Bottom line is we have it we use it. When they'll see that it needs changing, it will be changed.
Thanx for the suggestion though.
<hr height=1 noshade id=quote></BLOCKQUOTE id=quote></font id=quote><font face="Verdana, Arial, Helvetica" size=2 id=quote>
So, you&rsquo;re going to wait until it gets hacked by someone wanting access to your user list for spams, scams, identity theft, <i>etc.</i> before you install a <i>critical required security update</i>? There are <i>known exploits</i> out there already that any script kiddie can use to hack any version of Snitz Forums 2000 prior to 3.4.05, and the older the version, the more exploits there are, and you&rsquo;re <i>several</i> major security updates (most of them critical and required) behind!

Do understand that this thread is legal record that you&rsquo;ve been properly warned of the likely consequences, and the Zones can now be legally held liable for any such consequences to your users.

I shouldn&rsquo;t even have had to warn you of this. It&rsquo;s <i>your</i> (the Zone&rsquo;s) responsibility to keep your software updated. I found out about the update myself by clicking on the link at the bottom of <i>every page</i> of <i>your own Forums!</i> It&rsquo;s not like it was all that hard to find!

I&rsquo;m doing you a <i>favor</i> here. If you refuse my advice, so be it. I won&rsquo;t even be insulted. But, if called to testify that I did warn you about this, I will testify truthfully that I in fact did warn you, and you acknowledged my warnings and refused my advice to apply the <i>required critical security</i> update.

For the record, version 3.4.05 has been available since late September of 2004. That&rsquo;s a pretty long time in this industry, and since there haven&rsquo;t been any fixes since then, this one really does appear to solve all known significant problems and introduces no new ones.

As for your BMW / Toyota analogy, the proper analogy isn&rsquo;t a Toyota. It&rsquo;s a Ford Pinto. Remember those? They worked just fine &mdash; until rear-ended. Then, <i>ka-<b>boooom!!</b></i> Without warning of any kind.
Replied 13 Jul 2006 11:25:51
13 Jul 2006 11:25:51 Roddy Dairion replied:
Since you really want it to be updated, i've sent your request to the forum founders. They will decide what will be done. And f.y.i, no matter how good a script is or security fixes it has, it WILL and CAN always be hack by some people who's got nothing to do. No matter how good it is, problem will always arise. Have a nice day.
Replied 13 Jul 2006 14:43:09
13 Jul 2006 14:43:09 Roddy Dairion replied:
Ok Joel Rea, 1 of the forum founders has replied to your request
<BLOCKQUOTE id=quote><font size=1 face="Verdana, Arial, Helvetica" id=quote>quote:<hr height=1 noshade id=quote>
The snitz forum used at the zones is a highly modified version and we done
our own security updates, the version number however was never updated.

Regards,

DMXzone.com

<hr height=1 noshade id=quote></BLOCKQUOTE id=quote></font id=quote><font face="Verdana, Arial, Helvetica" size=2 id=quote>


Edited by - roders22 on 13 Jul 2006 14:43:39

Edited by - roders22 on 13 Jul 2006 14:55:57

Edited by - roders22 on 13 Jul 2006 14:56:20
Replied 13 Jul 2006 20:55:55
13 Jul 2006 20:55:55 Joel Rea replied:
<BLOCKQUOTE id=quote><font size=1 face="Verdana, Arial, Helvetica" id=quote>quote:<hr height=1 noshade id=quote>
Ok Joel Rea, 1 of the forum founders has replied to your request
<BLOCKQUOTE id=quote><font size=1 face="Verdana, Arial, Helvetica" id=quote>quote:<hr height=1 noshade id=quote>
The snitz forum used at the zones is a highly modified version and we done
our own security updates, the version number however was never updated.

Regards,

DMXzone.com

<hr height=1 noshade id=quote></BLOCKQUOTE id=quote></font id=quote><font face="Verdana, Arial, Helvetica" size=2 id=quote>
<hr height=1 noshade id=quote></BLOCKQUOTE id=quote></font id=quote><font face="Verdana, Arial, Helvetica" size=2 id=quote>
Good to know. I can understand not wanting to update a modified forum, as the modifications would have to be redone, though there are workarounds (if you properly commented your modifications, you save the existing versions elsewhere, apply the update, then copy and paste the modifications back in &mdash; of course, there is the likelihood that the modifications would need to be changed to be compatible with [or may even be obsoleted by] the updates).

By &ldquo;we[&rsquo;ve] done our own security updates,&rdquo; have you manually applied every security update that Snitch released in the intervening versions to the modified version of your forum code?

You are correct that nothing is ever 100% secure, but there&rsquo;s a difference between, say, a weak spot that allows entry into your building that nobody, including the potential thieves, knows about yet, and one that&rsquo;s flashing a neon sign, &ldquo;Thieves Enter Here! Totally Unprotected Access to All Our Stuff!&rdquo; Remember, we&rsquo;re talking about <i>known exploits</i> here. That means known to the bad guys.

Reply to this topic