|
Wrom Morrison
Validated User
Join date: 15 Apr 2006
Posts: 462
|
09-09-2006 02:01
I just got the SL Security bulletin in mail, and saw this. From: someone
Q: What kind of attack was used to gain access to the Second Life databases? Has the identity of the attacker been established?
A: We have gathered a significant amount of information regarding the attack and the attacker. However, because the investigation is ongoing, we cannot provide very detailed information regarding the type of attack or identity of the attacker. We can disclose that the intrusion path took advantage of a "zero-day exploit" in third-party web software.
Since the forum is pretty mature software, I'm willing to guess this could have been their new blog thingy which lead to the intrusion.
_____________________
Content creators, please check this feature proposal. The aim of this proposal is to end re-sale rip-offs. (Also benefits freebie makers). 
|
|
Chronic Skronski
SL Live Musician
Join date: 23 Jun 2006
Posts: 997
|
09-09-2006 09:38
From: Wrom Morrison Since the forum is pretty mature software version 3.0.5 is ancient. vBulletin is up to 3.6 now (note that is not 3.0.6) Doing a google search for vBulletin vulnerabilities shows that there are plenty of them that have since been patched in later versions.
_____________________
A man without religion is like a fish without a bicycle.
|
|
Cocoanut Koala
Coco's Cottages
Join date: 7 Feb 2005
Posts: 7,903
|
09-09-2006 09:41
Um . . . is there some reason why they don't keep up-to-date on their versions?
I always download the things from Microsoft Windows that patch up vulnerability and stuff. Doesn't LL do the same thing?
coco
|