1–1011–14

date issue

From: JonCooper17 Oct 2007 18:34
To: ALL1 of 14
33339.1
is the forum's server having a bad day?
someone mentioned earlier that the dates are getting messed up
the thread list dates don't match the threads





v one of these things is not like the others v
Attachments:
Reply
0/0
From: koswix17 Oct 2007 19:00
To: JonCooper 2 of 14
33339.2 In reply to 33339.1
I've got same issues.

Didn't Matt say before that there was something up with the server's time that he couldn't change or something?

Meh.
Reply
0/0
From: JonCooper17 Oct 2007 19:09
To: koswix 3 of 14
33339.3 In reply to 33339.2
I think he did say something, but it seems about two weeks out now
Reply
0/0
From: koswix17 Oct 2007 19:14
To: JonCooper 4 of 14
33339.4 In reply to 33339.3
two weeks, or 40-odd minutes. Seems to switch between the two on a seemingly random basis.
Reply
0/0
From: Matt17 Oct 2007 20:32
To: ALL5 of 14
33339.5
*cough*
Reply
0/0
From: JonCooper17 Oct 2007 20:59
To: Matt 6 of 14
33339.6 In reply to 33339.5
is the cough cos you've fixed it?
cos it's still the same for me
Reply
0/0
From: Matt17 Oct 2007 21:25
To: JonCooper 7 of 14
33339.7 In reply to 33339.6
The bug is fixed, but the threads won't 'fix' until someone replies to them. This thread is fixed for instance.
Reply
0/0
From: JonCooper17 Oct 2007 23:36
To: Matt 8 of 14
33339.8 In reply to 33339.7
oh cool, nice one (again)
Reply
0/0
From: Peter (BOUGHTONP)18 Oct 2007 00:17
To: Matt 9 of 14
33339.9 In reply to 33339.7
(seperate topic but I can't be arsed starting a new thread)
Did you get that odd Symantec email about a BH vulnerability?
Reply
0/0
From: Matt18 Oct 2007 00:24
To: Peter (BOUGHTONP) 10 of 14
33339.10 In reply to 33339.9

Yep.

 

If it's the vulnerability I think it is, it's already been reported and disclosed by FrSIRT and the US National Vulnerability Database, and as such already public, so I don't know why they've asked for encryption of the emails. Regardless I've made myself a PGP key and sent it to them as requested and I'll wait and see what they say.

 

If you want in you can probably generate and send them your PGP key as well I guess.

Reply
0/0
From: Peter (BOUGHTONP)18 Oct 2007 13:14
To: Matt 11 of 14
33339.11 In reply to 33339.10
Ah ok, I thought it was something special because of all the PGP/encryption stuff.

Don't know if Yahoo or Gmail can do PGP stuff, so wont bother with that.

Was thinking of looking for a scanner thing to automatically pick up vulnerabilities before they hit security places - we use one at work, but it's expensive... I'm sure there's a free one somewhere though.
Reply
0/0
From: Matt18 Oct 2007 14:04
To: Peter (BOUGHTONP) 12 of 14
33339.12 In reply to 33339.11
I've been using Acunetix WVS5 recently but the free version is quite heavily restricted and will only check for the more basic XSS exploits plus it takes an aeon to do anything so scanning for flaws takes at least several hours, especially on a project like Beehive.
Reply
0/0
From: dyl18 Oct 2007 23:13
To: Matt 13 of 14
33339.13 In reply to 33339.10
I know nothing about this stuff, including what it is and isn't safe to say in public without giving too much away, but I'm curious to know more. What damage could someone do with this vulnerability? Big damage?
Reply
0/0
From: Matt19 Oct 2007 00:09
To: dyl 14 of 14
33339.14 In reply to 33339.13

The one reported by FrSIRT is a cross site scripting flaw which allows injection of Javascript into pages.

 

Symantec haven't got back to me yet regarding their discovery.

EDITED: 19 Oct 2007 00:10 by MATT
Reply
0/0