Internet forum software
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
vBulletin Exploits CVE-2025-48827, CVE-2025-48828 We do see exploit attempts for the vBulletin flaw disclosed about a week ago. The flaw is only exploitable if vBulletin is run on PHP 8.1, and was patched over a year ago. However, vBulletin never disclosed the type of vulnerability that was patched. https://isc.sans.edu/diary/vBulletin%20Exploits%20%28CVE-2025-48827%2C%20CVE-2025-48828%29/32006 Google Chrome 0-Day Patched Google released a security update for Google Chrome patching three flaws. One of these is already being exploited. https://chromereleases.googleblog.com/ Roundcube Update Roundcube patched a vulnerability that allows any authenticated user to execute arbitrary code. https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10 HP Vulnerabilities in StoreOnce HP patched multiple vulnerabilities in StoreOnce. These issues could lead to remote code execution. https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbst04847en_us&docLocale=en_US
An international law enforcement operation dismantles AVCheck. Trump's 2026 budget looks to cut over one thousand positions from CISA. Cyber Command's defensive wing gains sub-unified command status. A critical vBulletin vulnerability is actively exploited. Acreed takes over Russian markets as credential theft kingpin. Qualcomm patches three actively exploited zero-days in its Adreno GPU drivers. Researchers unveil details of a Cisco IOS XE Zero-Day. Microsoft warns a memory corruption flaw in the legacy JScript engine is under active exploitation. A closer look at the stealthy Latrodectus loader. On today's Afternoon Cyber Tea, Ann Johnson speaks with Hugh Thompson, RSAC program committee chair. Decoding AI hallucinations with physics. CyberWire Guest: Today we have our Afternoon Cyber Tea segment with Ann Johnson. On today's episode, Ann speaks with Hugh Thompson, RSAC program committee chair, as they discuss what goes into building the RSA Conference.
Selected Reading Police takes down AVCheck site used by cybercriminals to scan malware (Bleeping Computer) DHS budget request would cut CISA staff by 1,000 positions (Federal News Network) Cybercom's defensive arm elevated to sub-unified command (DefenseScoop) vBulletin Vulnerability Exploited in the Wild (SecurityWeek) Acreed Emerges as Dominant Infostealer Threat Following Lumma Takedown (Infosecurity Magazine) Qualcomm fixes three Adreno GPU zero-days exploited in attacks (Bleeping Computer) Exploit details for max severity Cisco IOS XE flaw now public (Bleeping Computer) Microsoft Scripting Engine flaw exploited in wild, Proof-of-Concept published (Beyond Machines) Latrodectus Malware Analysis: A Deep Dive into the Black Widow of Cyber Threats in 2025 (WardenShield) The Root of AI Hallucinations: Physics Theory Digs Into the 'Attention' Flaw (SecurityWeek) The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
A PNG Image With an Embedded Gift Xavier shows how Python code attached to a PNG image can be used to implement a command and control channel or a complete remote admin kit. https://isc.sans.edu/diary/A+PNG+Image+With+an+Embedded+Gift/31998 Cisco IOS XE WLC Arbitrary File Upload Vulnerability (CVE-2025-20188) Analysis Horizon3 analyzed a recently patched flaw in Cisco Wireless Controllers. This arbitrary file upload flaw can easily be used to execute arbitrary code. https://horizon3.ai/attack-research/attack-blogs/cisco-ios-xe-wlc-arbitrary-file-upload-vulnerability-cve-2025-20188-analysis/ Don't Call That "Protected" Method: Dissecting an N-Day vBulletin RCE A change in PHP 8.1 can expose methods previously expected to be safe. vBulletin fixed a related flaw about a year ago without explicitly highlighting the security impact of the fix. A blog post now exposed the flaw and provided exploit examples. We have seen exploit attempts against honeypots starting May 25th, two days after the blog was published. https://karmainsecurity.com/dont-call-that-protected-method-vbulletin-rce
In this episode: Martin runs GitHub Actions on his development workstations using act. Alan likes to help people and has upped his people-helping skills by making little tools to solve their problems. keyshield - A simple utility to protect your game inputs from GNOME keyboard shortcuts. archive-vbulletin-thread - A Python script to archive threads from vBulletin-based forums. Mark has been flexing his grey matter with challenging mathematical/computer programming problems at Project Euler. You can send your feedback via show@linuxmatters.sh or the Contact Form. If you’d like to hang out with other listeners and share your feedback with the community you can join: The Linux Matters Chatters on Telegram. The #linux-matters channel on the Late Night Linux Discord server. If you enjoy the show, please consider supporting us using Patreon or PayPal. For $5 a month on Patreon, you can enjoy an ad-free feed of Linux Matters, or for $10, get access to all the Late Night Linux family of podcasts ad-free.
Hosted by Pablo Wasserman and Juan Ruocco. Círculo Vicioso https://twitter.com/circulovicioso8 Official site: https://www.circulovicioso.club/ 50 USD discount to open an LLC and a bank account in the USA with Firmaway: https://firmaway.us/servicios-sponsor-cv/ (0:00) INTRO (6:35) Studioless edition (10:55) YouTube and MrBeast (15:59) Children and Internet content (20:34) Setup and Coherence (24:24) Klaus Schwab, Milei and the WEF (28:16) WEF and ideology (44:14) Humanity, universalism and progress (52:56) Geopolitics and nuclear weapons (55:22) Ukraine, denuclearization and agendas (1:01:12) Europe, Germany and armament (1:09:22) Drones and modern warfare (1:16:22) Argentina, Milei and Trump (1:29:03) Accelerationism (1:32:36) circulovicioso.club (1:44:13) vBulletin and forum (1:49:41) Gabriel Rolon and John Lennon (1:55:38) MacGyver the reptile (2:04:00) Larreta (2:07:53) Elections in Taiwan (2:12:52) Closing and end
Is it possible to escalate a self-XSS into an account takeover? Perhaps, we take a look at some potential options by abusing single-sign on. Then we take a look at a few Facebook/Meta authentication issues, and a deserialization trick to increase the usable classes in PHP. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/185.html [00:00:00] Introduction [00:00:21] Single-Sign On Gadgets: Escalate (Self-)XSS to Account Takeover [00:11:11] Account takeover of Facebook/Oculus accounts due to First-Party access_token stealing [00:14:00] DOM-XSS in Instant Games due to improper verification of supplied URLs [00:18:55] Account Takeover in Canvas Apps served in Comet due to failure in Cross-Window-Message Origin validation [00:29:33] Unserializable, but unreachable: Remote code execution on vBulletin [00:34:54] Lexmark MC3224adwe RCE exploit The DAY[0] Podcast episodes are streamed live on Twitch twice a week: -- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities -- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. We are also available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9
This week, we welcome back Mike Nichols, Head of Product at Elastic Security, to discuss Why Elastic Is Making Endpoint Security 'Free And Open'! In our second segment, it's the Security News! We'll be talking about how Amazon Alexa One-Click Attack Can Divulge Personal Data, Researcher Publishes Patch Bypass for vBulletin 0-Day, Threat actors managed to control 23% of Tor Exit nodes, a Half a Million IoT Passwords were Leaked, Hackers Are Exploiting a 5-Alarm Bug in Networking Equipment, and a Zoom zero-day flaw allows code execution on victim's Windows machine! In our final segment, we air a pre recorded interview with Michael Assraf, CEO and Co-Founder at Vicarius, to talk about Vulnerability Rich - Contextually Blind! Show Notes: https://wiki.securityweekly.com/psw662 Visit https://securityweekly.com/vicarius to learn more about them! Visit https://securityweekly.com/elastic to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
vBulletin 0-Day Exploit https://blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail/ Microsoft Patches https://isc.sans.edu/forums/diary/Microsoft+August+2020+Patch+Tuesday/26452/ Adobe Patches https://helpx.adobe.com/security.html Citrix End Point Management Updates https://www.citrix.com/blogs/2020/08/11/citrix-provides-security-update-on-citrix-endpoint-management/
This week, Matt Mosley and Kash Izadseta cover the news of the week: British airline company EasyJet data breach; Brazilian company Natura data breach; Ukrainian hacker Sanix arrested; Bluetooth vulnerability; vBulletin vulnerability; HTTP 404 commands malware. Links mentioned in this episode: https://www.wltz.com/2020/05/20/easyjet-hacker-stole-data-on-9-million-customers/ https://thehackernews.com/2020/05/natura-data-breach.html https://thehackernews.com/2020/05/vBulletin-access-vulnerability.html https://www.techspot.com/news/85288-researchers-found-new-bluetooth-bug-allows-hackers-impersonate.html https://www.zdnet.com/article/hacker-arrested-in-ukraine-for-selling-billions-of-stolen-credentials/ https://thehackernews.com/2020/05/malware-http-codes.html http://tevoratalks.com Instagram, Twitter, Facebook: @TevoraTalks
Are iOS 0days now worthless? Can you hack a satellite...or hackerone? Are WAFs worthwhile? And more on a fairly discussion heavy episode of DAY[0]. [00:00:52] [UPDATE] Huawei HKSP Introduces Trivially Exploitable Vulnerability https://github.com/cloudsec/aksp/blob/master/hksp.patch [00:11:59] iOS one-click chains prices likely to drop https://www.hackasat.com/ [00:33:30] Defcon Quals 2020 https://hxp.io/blog/72/DEFCON-CTF-Quals-2020-notbefoooled/ [00:46:33] vBulletin 5.6.1 SQL Injection [00:52:52] Subdomain takeover of resources.hackerone.com [01:01:11] MyLittleAdmin PreAuth RCE [01:06:13] DOM-Based XSS at accounts.google.com by Google Voice Extension. [01:16:47] Playing with GZIP: RCE in GLPI [CVE-2020-11060] [01:36:24] Reverse RDP - The Path Not Taken [01:44:19] PrintDemon: Print Spooler Privilege Escalation, Persistence & Stealth [CVE-2020-1048] https://twitter.com/VbScrub/status/1260598344650539009 [01:53:34] Security Flaws in Adobe Acrobat Reader Allow Malicious Program to Gain Root on macOS Silently [02:00:29] Cloud WAF Comparison Using Real-World Attacks https://medium.com/fraktal/cloud-waf-comparison-part-2-e6e2d25f558c https://en.wikipedia.org/wiki/Server_Side_Includes [02:18:20] Fuzzing TLS certificates from their ASN.1 grammar [02:22:25] DHS CISA and FBI share list of top 10 most exploited vulnerabilities Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@DAY[0])
In the Security News, Palo Alto Networks Patches Many Vulnerabilities in PAN-OS, Zerodium will no longer acquire certain types of iOS exploits due to surplus, New Ramsay Malware Can Steal Sensitive Documents from Air-Gapped Networks, vBulletin fixes critical vulnerability so patch immediately!, U.S. Cyber Command Shares More North Korean Malware Variants, and The Top 10 Most-Targeted Security Vulnerabilities! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode651
This week, we welcome back Mike Nichols, Head of Product at Elastic Security, to talk about MITRE ATT&CK & Security Visibility: Looking Beyond Endpoint Data! In our second segment, we welcome back Harry Sverdlove, Founder and CTO of Edgewise Networks, to discuss Securing Remote Access, Quarantines, and Security! In the Security News, Palo Alto Networks Patches Many Vulnerabilities in PAN-OS, Zerodium will no longer acquire certain types of iOS exploits due to surplus, New Ramsay Malware Can Steal Sensitive Documents from Air-Gapped Networks, vBulletin fixes critical vulnerability so patch immediately!, U.S. Cyber Command Shares More North Korean Malware Variants, and The Top 10 Most-Targeted Security Vulnerabilities! Show Notes: https://wiki.securityweekly.com/PSWEpisode651 To learn more about Elastic Security, visit: https://securityweekly.com/elastic To view the Elastic Dashboard of MITRE ATT&CK Round 2 Evaluation Results, visit: https://ela.st/mitre-eval-rd2 To learn more about Edgewise Networks or to request a Demo, visit: https://securityweekly.com/edgewise Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Satnam walks us through May’s Patch Tuesday which, even at 111 vulnerabilities, was a bit calmer than prior months’ releases. We also talk about vulnerabilities in vBulletin, Cisco, Salt Framework and Sophos XG Firewall - and more. Satnam highlights primary research including flaws Tenable Research found in Instacart’s website and social media scams. To round it out, Eric Detoisien, Director of Research for WAS Content, joins us to talk about web application scanning and how his small-but-brilliant team develops WAS plugins. Show References: SophosLabs on “Asnarök” Trojan - https://news.sophos.com/en-us/2020/04/26/asnarok/ Second Grader Hacks System, Shows Kids How to Access Any Student Account - https://bocanewsnow.com/2020/05/12/coronavirus-massive-palm-beach-county-school-district-student-password-breach/ WAS SSL/TLS plugins - https://staging.tenable.com/plugins/was/families/SSL%2FTLS Recently from Research: https://www.tenable.com/blog/scams-exploit-covid-19-giveaways-via-venmo-paypal-and-cash-app https://www.tenable.com/blog/microsoft-s-may-2020-patch-tuesday-addresses-111-cves https://www.tenable.com/blog/instacart-patches-sms-spoofing-vulnerability-discovered-by-tenable-research https://www.tenable.com/blog/cve-2020-12720-vbulletin-urges-users-to-patch-undisclosed-security-vulnerability https://www.tenable.com/blog/cisco-patches-multiple-flaws-in-adaptive-security-appliance-firepower-threat-cve-2020-3187 https://www.tenable.com/blog/cve-2020-11651-cve-2020-11652-critical-salt-framework-vulnerabilities-exploited-in-the-wild https://www.tenable.com/blog/wordpress-e-learning-plugin-vulnerabilities-range-from-cheating-to-remote-code-execution https://www.tenable.com/blog/cve-2020-12271-zero-day-sql-injection-vulnerability-in-sophos-xg-firewall-exploited-in-the-wild https://www.tenable.com/blog/multiple-zero-day-vulnerabilities-in-ios-mail-app-exploited-in-the-wild https://www.tenable.com/blog/adv200004-microsoft-releases-out-of-band-advisory-to-address-flaws-in-autodesk-filmbox-fbx https://medium.com/tenable-techblog/remapping-python-opcodes-67d79586bfd5 https://medium.com/tenable-techblog/getting-root-on-macos-via-3rd-party-backup-software-b804085f0c9 Follow the Security Response Team on the Tenable Community https://community.tenable.com/s/group/0F9f2000000fyxyCAA/cyber-exposure-alerts
tradershky and Vintage One co-host. (Topic starts at 0:30:30 mark): Stubhub is acting unethically with their cancelled event policy, and we have both attorney Eric Bensamochan and ticket broker "Rob from Pennsylvania" to give their expertise on the matter.... (1:35:34): Mike Postle accidentally doxxes himself in legal filing, RounderLife website steps up defense of him.... (2:21:53): Interview with documentary director/producer Sandra Mohr about her "Poker Queens" documentary, and we learn about her secret identity..... (2:58:12): Prahlad Friedman has a jealous fit on Twitter, breaks up with his longtime girlfriend, gets back together.... (3:38:54): 2+2 is abandoning long-used vBulletin software for unpopular "Vanilla" software, users are angry.... (4:22:58): Isai Scheinberg pleads guilty, but what will his sentence be?.... (4:35:35): WSOP says that they won't make a cancellation or postponement until early May.... (4:51:24): Phil Galfond continuing to crush VeniVidi in remarkable comeback. Should questions be asked?.... (5:13:54): Antibody tests and three existing drugs give some hope regarding coronavirus fight.... (5:29:37): Four prominent names in poker -- David "Doc" Sands, Victor Ramdin, Andy Frankenberger, and Matt Savage come down with COVID-19.... (6:01:15): Can your heart rate tell you if you're about to come down with coronavirus symptoms?.... (6:29:49): Concierge medicine and the reason celebrities can get tested so fast.... (6:41:57): Rhode Island attempting to prevent New Yorkers from fleeing there.... (6:49:10): Most adults will get $1200 in assistance from the government, but do poker players qualify?.... (7:09:40): GGNetwork (GGPoker) bans players for "bumhunting".... (7:32:13): Bovada/Ignition has major lag problems, and Druff realizes it might be harming his poker game.... (7:49:39): Flashback to 1985: WSOP Main Event charges no rake due to major change in cash reporting law.
In this episode we talk about Disney's new service, Disney Plus, and how in the service's first days tens of thousands of user accounts were stolen along with their passwords, which allowed the attackers to lock those users out of the service and sell that information. An investigation shows that the breach was not carried out by breaking directly into the new service, but rather because of a 2016 breach of Disney's forum for superhero geeks, in which hundreds of thousands of user records were stolen; users whose details were stolen back then and who signed in to Disney's new service were compromised there because they reused the same login credentials. We talk about guidelines for managing a community and a user base, the importance of software updates, and the issue of password reuse across related services. Oh, and of course about Captain Marvel and Iron Man. Links: https://www.owasp.org/index.php/Credential_stuffing https://haveibeenpwned.com/
A daily look at the relevant information security news from overnight. Episode 194 - 12 November 2019 SmarterASP downed - https://threatpost.com/ransomware-attack-downs-hosting-service-smarterasp-net/150072/ VegaLocker RaaS - https://www.zdnet.com/article/vegalocker-evolves-into-buran-ransomware-as-a-service/ ZoneAlarm leak - https://www.securityweek.com/data-zonealarm-forum-users-leaked-following-breach TrickBot harassment scam - https://www.bleepingcomputer.com/news/security/trickbot-malware-uses-fake-sexual-harassment-complaints-as-bait/ Dharma decrypt scam - https://www.theregister.co.uk/2019/11/11/dharma_decryption_promises_data_recovery/
If you want to catch up on Libra and bitcoin, to the tune of Ghostbusters: who you gonna call? Krijn Soeteman! It turns out he also recently visited the Large Hadron Collider at CERN. Very nice. And how did Hookers.nl and other vBulletin forums come to have a leak? Schedule: 0:00 - Intro; 0:02 - Krijn and bitcoin; 0:32 - Visiting CERN; 0:51 - Hookers.nl and the vBulletin leak; 1:09 - Listener questions; 1:24 - Tips. Tips: Joost - Film: Booksmart - Looking for a new energy supplier every year. Randal - History of Tony Hawk's Pro Skater: https://www.youtube.com/watch?v=XVAdmJ1s7io - Koffiethijs with Ruurd Sanders - Mad Chat Podcast about Batman: The Animated Series: https://www.madchatshow.com/batman-the-animated-series Krijn - De Bourgondiërs, Bart van Loo (if you want to know why the Low Countries are the way they are…) - Podcast: De Bitcoin Show (by Boris of Gamekings; he walked out of BNR's Cryptocast, now Bitcoin only) - The World of Thinking https://www.2doc.nl/documentaires/series/2doc/2019/oktober/the-world-of-thinking.html - Pisnicht The Movie https://www.vpro.nl/programmas/pisnicht-the-movie.html - The Poisoner's Handbook https://en.wikipedia.org/wiki/The_Poisoner%27s_Handbook
A daily look at the relevant information security news from overnight. Episode 173 - 14 October 2019 Nitro PDF flaw - https://www.bleepingcomputer.com/news/security/nitro-pdf-pro-to-get-micropatches-for-7-potential-rce-bugs/ Fin7 active - https://threatpost.com/fin7-retools/149117/ Hookers hacked - https://www.technadu.com/hookers-nl-forum-hacked-250000-users-exposed/82246/ Leafy data smoked - https://www.technadu.com/cannabis-news-website-leafly-exposes-customer-information/82326/ Faux Crypto platform - https://www.bleepingcomputer.com/news/security/attackers-create-elaborate-crypto-trading-scheme-to-install-malware/
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+October+2019+Patch+Tuesday/25396/ Android Update https://source.android.com/security/bulletin/2019-10-01 vBulletin Update https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4423646-vbulletin-5-5-x-5-5-2-5-5-3-and-5-5-4-security-patch-level-2
How can you rob a bank over the phone? In this episode of Technado, PeopleSec’s Joshua Crumbaugh shares that story of social engineering and several other red team pen-testing stories. In the news, the team discusses the new CentOS release and a pesky vBulletin exploit.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
vBulletin Botnet https://twitter.com/bad_packets/status/1177256656322695168 Cisco Industrial Router Security Bulletin https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-ios-gos-auth Sniffle Bluetooth Sniffer https://github.com/nccgroup/sniffle Outlook on the web blocking more extensions https://techcommunity.microsoft.com/t5/Exchange-Team-Blog/Changes-to-File-Types-Blocked-in-Outlook-on-the-web/ba-p/874451
Security Nation returns this week with a new episode that's all about collaboration. We are joined by Katie Trimble of the Department of Homeland Security and Chris Coffin of MITRE for a discussion about their contribution to the CVE Project. The two talk about how they got their start in their respective organizations, why the CVE Project is so important for security professionals, challenges they've faced to get this project off the ground and optimize their operations, and how others can pitch in as a CVE Numbering Authority (CNA). You'll also hear from Tod in our Rapid Rundown, where he compares and contrasts the InfoSec world's response to the vBulletin and Internet Explorer zero-days this past week, and (as usual) brings you the latest in our BlueKeep Watch.
The Airbus supply chain is reported to be under attack, possibly by Chinese industrial espionage operators. Phishing campaigns impersonate Google Cloud services. A new commodity information stealer is on offer in the black market. The vBulletin zero-day was weaponized surprisingly quickly. DoorDash discloses a hack that exposed almost five million persons’ data. And a look at JTF Ares operations against ISIS shows commendable attention to increasing the enemy’s friction. David Dufour from Webroot on the need for a variety of areas of expertise in security. Guest is Caleb Barlow, CEO and President of Cynergistek, discussing the security implications of being CEO of a public company. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_27.html
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Malspam Pushing Quasar RAT https://isc.sans.edu/forums/diary/Malspam+pushing+Quasar+RAT/25354/ vBulletin 0-Day Exploit Update https://www.bleepingcomputer.com/news/security/vbulletin-zero-day-exploited-for-years-gets-unofficial-patch/ Fake Veteran Employment Site https://blog.talosintelligence.com/2019/09/tortoiseshell-fake-veterans.html
A daily look at the relevant information security news from overnight.
Episode 161 - 26 September 2019
Magecart hits routers - https://threatpost.com/magecart-group-targets-routers-behind-public-wi-fi-networks/148662/
vBulletin zero-day - https://www.scmagazine.com/web-services-security-e-commerce-security/reports-actively-exploited-zero-day-found-in-vbulletin-forum-software/
Chinese attacking Windows - https://threatpost.com/narrator-windows-utility-trojanized-to-gain-full-system-control/148654/
Libreria Porrua exposed - https://www.technadu.com/mexican-bookstore-libreria-porrua-exposes-data-million-customers/80932/
Heyyo exposed - https://www.zdnet.com/article/heyyo-dating-app-leaked-users-personal-data-photos-location-data-more/
Adobe patches ColdFusion - https://www.bleepingcomputer.com/news/security/adobe-fixes-critical-security-vulnerabilities-in-coldfusion/
We’re back! The Cyber Security Brief returns for season 2. In our first episode, Dick O’Brien is joined by Brigid O’Gorman and Gavin O’Gorman (no relation) to discuss our recent research into Tortoiseshell, an APT group we recently discovered using both custom and off-the-shelf malware to target IT providers in Saudi Arabia in what appear to be supply chain attacks with the end goal of compromising the IT providers’ customers. We also discuss the recently revealed vulnerability in vBulletin, the release of iOS 13, a ransomware attack on a healthcare facility in Wyoming, and Facebook suspending thousands of apps from its platform.
Tortoiseshell is trolling for military veterans. There’s been a fresh Fancy Bear sighting. The transcript of a conversation between the US and Ukrainian presidents has been released. Citizen Lab warns that Poison Carp is actively working against Tibetan groups. A zero-day afflicting vBulletin forum software is out. GandCrab comes out of retirement. And there’s an odd spam campaign in circulation that looks like phishing but seems not to be. Ben Yelin from UMD CHHS on the White House blocking Congress from auditing its offensive hacking strategy. Guest is Tim Keeler from Remediant looking at lateral movement in the context of the NotPetya attacks. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_25.html Support our show
A patent lawsuit takes aim at the GNOME Foundation, Cloudflare launches a VPN service that does not protect privacy, a long-standing exploit has finally been disclosed for vBulletin, and Google has announced their latest code-in challenge.
Content management systems were all the rage about a decade ago. However, that market has settled down a lot and has only a few top contenders. That may not matter to you or your customers. A CMS is going to be a tool that can provide a large amount of value if it works closely to how you do. Therefore, it is worth your time to stay up to speed with the latest offerings. There are significant differences in how they approach managing content. Content Management Usually Means WordPress To be honest, WordPress is the winner of popular and useful CMS tools. It leads the market in a way that it makes little sense to develop extensions and integrations with any other solution in the market. Therefore, it may very well be the case that selecting any other option should only occur when you have made a good argument against using WordPress. That being said, there are other options available. There are also good reasons to choose one of the other platforms for you or your customer. The most important things to consider through your evaluation process are the administrative and content tools. These vary in ease of adding, editing and removing material. There are secondary requirements to consider as well. These include the user experience and technical considerations. However, a CMS is going to be a success or failure based on those first two requirements more often than not. The List Here are the tools we cover in this episode. Almost all of these can be installed and ready for you to assess within an hour or less. Take advantage of this hands-on approach to review the options. Save yourself time and skip marketing or third-party opinions. The market share by percentages list can be found here: https://colorlib.com/wp/most-popular-content-management-systems/. Wordpress: https://wordpress.org/ Joomla: https://www.joomla.org/: This platform is PHP-based and loved by developers. However, it is not as easy to administer as Wordpress. 
There is a far more complex level of administration required and a lot of built-in extensions/plugins. In the end, it is easier to do complex customization than in WordPress. On the other hand, it will take a longer time to get started. Drupal: https://www.drupal.org/ This is another popular PHP solution similar to Joomla. However, it is not as easy to install. Consequently, I ran into snags in my testing that may have been my lack of familiarity with the tool. On the other hand, this solution has an impressive amount of extensions and plugins. Blogger: https://www.blogger.com/home: This is free, quick and easy to launch but very ad-filled. It leaves you with little control over customization. There are no real extensions available. For better or worse, it is owned by Google. Typo3: http://typo3.org/: This is aimed more at a website than a blogging tool. It is a solution well-suited for creating online documentation as well as traditional marketing-focused sites. This tool has a relatively simple and easy-to-understand UI. vBulletin: https://www.vbulletin.com/. This is not a free solution. However, it has a solid history. It also has better community tools than the other options here.
Matt Mecham‘s code has powered far too many online communities to count. Developing popular online community software since 2001, he worked on YaBB and founded Ikonboard, before co-founding Invision Power Services, the company behind Invision Community. Given his long view of the industry, Matt sees the timeline of online community as progressing through a few eras: The early years, when he began developing software. The middle years, where platforms became more cognizant of UI considerations and SEO. The recent years, Facebook opening to the public and the resulting impact. And now, which he refers to as the “post-Facebook era.” Where will online communities go in that era? Plus: The community software business shift from licensing to SaaS (software as a service) New features vs. bloat Why he turned down a job offer from vBulletin Our Podcast is Made Possible By… If you enjoy our show, please know that it’s only possible with the generous support of our sponsor: Higher Logic. Big Quotes “Running a good community is transcendent of the software you use.” –@mattmecham “Facebook is very much about now, what’s happening now. You try and find, even in a group, even a moderately busy group, trying to find something from last week is chaos. It’s crazy. It’s really really hard to do, so I think people that have had success with Facebook Groups are now looking at the next step. What’s the next step that they’ve got to take? They understand that they can’t keep a Facebook group because it’s too chaotic, once you get to 5,000, 10,000 people posting.” –@mattmecham About Matt Mecham Matt Mecham is a print designer turned Perl developer turned PHP developer. He has been creating community software since 2001. Matt founded Ikonboard and then started Invision Power Services with Charles Warner in 2002. 15 years later, their product, Invision Community, powers countless communities. Matt leads development and social media marketing. 
He still codes and, even though he’s been doing it forever, really enjoys it. Related Links Sponsor: Higher Logic, the community platform for community managers Matt Mecham on Twitter Wikipedia page for Ikonboard, an old community software platform that Matt developed, starting in 1999 Invision Community, community software by Invision Power Services, the company Matt co-founded with Charles Warner YaBB, a long-running community software platform, where Matt was once part of the development team “Jarvis Entertainment Group Acquires Ikonboard.com” press release Forumbee, Zendesk, CMNTY, Open Social, Discourse and vBulletin, community software platforms mentioned in our discussion about the shift from the licensing business model to SaaS Bravenet and ezboard (Wikipedia page), two services that essentially offered SaaS forum hosting in the 1990s Community Signal episode with Mike Creuzer, where we discussed vBulletin’s platform changes “Managing Online Forums,” Patrick’s book Invision Community on Facebook Transcript View transcript on our website Your Thoughts If you have any thoughts on this episode that you'd like to share, please leave me a comment, send me an email or a tweet. If you enjoy the show, we would be so grateful if you spread the word and supported Community Signal on Patreon.
Audentio, the parent of ThemeHouse, is a forums-focused digital agency, with high profile clients like AVForums, Mac Rumors and Android Forums. There aren’t too many (any?) agencies focused this seriously on forums, working at such a high level. Founder and owner Mike Creuzer has been working in forums since he was 11, starting on an MSN TV, and they’ve had a massive impact on his life. Though currently focused on XenForo, Mike and Audentio have worked with many forum platforms over the years, giving him an interesting perspective on the space, and where it’s headed. Plus: How a Harry Potter forum taught him more about being a person, than about Harry Potter Why being a developer-friendly forum platform is important The forum platform Audentio is migrating people from the most Our Podcast is Made Possible By… If you enjoy our show, please know that it’s only possible with the generous support of our sponsor: Open Social. Big Quotes “Being [in forums when I was] 11 or 12, I learned how to formulate an argument and present it. The good thing about forums is you actually get to take your time researching, or putting together some type of thought. … Not only did I learn about managing forums, but interpersonal skills.” -@mikecreuzer “I don’t know where I would be without forums. I don’t know. It’s my career. It’s what I do. I wanted to play baseball, but instead I got forums. That’s just the way life works." -@patrickokeefe “[At some point, vBulletin wasn’t giving developers] the tools that they need. That’s the thing a lot of software companies forget. Who do you have to make happy first? The developers and the designers. They are the ones who are actually going to build out the third party resources. Every forum that I know of has at least a couple of add-ons that are third party. The developers are the ones who actually go out there and build those tools. 
And the developers are what make your community sustainable and powerful and a place where people will sometimes come to your platform just because of these certain features and tools. And I feel like [vBulletin] didn’t listen to what the developers were needing but other platforms were, and it wasn’t even a hard decision for a lot of people [to leave them].” -@mikecreuzer About Mike Creuzer Mike Creuzer is a UI/UX and digital strategist from northern Illinois in the United States, and has worked in communities and forums since he was around 11. It started as a hobby, and after wanting to grow his forum and getting quotes for astronomical sums of money (that he’d later grow up to learn were quite reasonable), and being a kid unable to afford these quotes, Mike set out to learn the skills himself. Some 15 years later, he now runs Audentio, a small agency that solves problems all over the world, most known for their forum-focused services offered under the ThemeHouse name. Related Links Sponsor: Open Social, community building for nonprofits Mike on LinkedIn Audentio, the digital agency that Mike founded and owns ThemeHouse, owned by Audentio Community Signal episode with Serena Snoad of Alzheimer’s Society, whose Talking Point community was recently developed by Audentio XenForo, a forum platform that Audentio currently does a lot of work with vBulletin, a forum platform that Mike worked more with in the past, and now sees a lot of migrations away from Android Forums, AVForums and Mac Rumors, other clients of Audentio phpBB, a forum platform that Patrick currently uses and has used more in the past CoSForums, or Chamber of Secrets, the official forums of MuggleNet.com, the first online community that Mike was heavily involved in Wikipedia page for MSN TV, a set top box that provided web browsing capabilities to your TV “DWx Has Been a Moderator for 10 Years,” a thread at KarateForums.com about a moderator that has been on Patrick’s team for more than 10 years “UCL 
Reconstruction,” a thread about that moderator’s recent UCL reconstruction surgery Digital Point, an online community that some people use to make money, as Mike did in the past Simple Machines, MyBB, ProBoards, Invision Community (referred to as IPB or IPS), NodeBB, Discourse and Flarum, other forum platforms mentioned during this episode Community Signal episode with Emily Temple-Wood, former Wikipedian of the Year, where we also discussed being a kid online WikiProject Women Scientists, led by Emily Temple-Wood Chuck Wadlow of cPanel, another Audentio client SitePoint, and SitePoint Forums, an online community that has been impactful in Patrick’s life Matt Mecham of Invision Community, formerly of Ikonboard ZetaBoards, which acquired InvisionFree Skin Zone Kier Darby and Mike Sullivan, XenForo developers Transcript View transcript on our website Your Thoughts If you have any thoughts on this episode that you’d like to share, please leave me a comment, send me an email or a tweet. If you enjoy the show, we would be so grateful if you spread the word and supported Community Signal on Patreon. Thank you for listening to Community Signal.
Most of the members of the Alzheimer’s Society’s Talking Point community don’t have dementia. But 4% do. And that creates a unique challenge when it comes to designing an online community. Features that we might take for granted, like saved drafts, take on a whole new meaning when you are experiencing short term memory loss. Community manager Serena Snoad joins the show to talk about building a welcoming community for people with dementia, plus: How memory loss impacts how they moderate Debriefing sessions that Serena offers to staff members who have handled a stressful issue Why XenForo was the right software choice for them, in their recent relaunch Disclosure: Serena has kindly supported our show’s Patreon campaign. I’ve known her for years, and it has nothing to do with her being a guest on the show, but I felt it was worth mentioning. Our Podcast is Made Possible By… If you enjoy our show, please know that it’s only possible with the generous support of our sponsor: Higher Logic. Big Quotes “If somebody says they have dementia, or if they’re a carer, we would then, as a team, be looking at the posts and the activity of members, particularly newer members, to see if they need any additional support. For somebody with dementia, if we feel that they’re using the community in a way that may not be very helpful, we’re not sure whether or not they’re understanding the terms and conditions or their behavior. We will take a much gentler approach with moderation. Generally, we’ll do that also for people who are undergoing quite a lot of emotional distress. We would also moderate in a slightly different way, in a way that’s designed to encourage them to post in a different way. So yes, it’s quite a delicate balance, and that’s one of the reasons why my staff and volunteers have training in emotional support as well as training in technical support. That’s been important for us.” -@serenastweeting “If you Google a health condition, it’s a horrible mess out there. 
To be able to get trusted information about what you need, and to be able to find people who know what they’re talking about, I think it’s really important to be in those [digital] spaces.” -@serenastweeting About Serena Snoad Serena Snoad is an online community manager, running the digital service at the Alzheimer’s Society, a charity in the UK. She lives and works in London and manages Talking Point, the Alzheimer’s Society’s 14 year old online community. Prior to this, Serena worked in social media management and communications for other charities. She holds a qualification in public relations from the CIPR. Related Links Sponsor: Higher Logic, the community platform for community managers Serena on LinkedIn Talking Point, the Alzheimer’s Society’s online community, where Serena is online community manager CommunityCo, where Patrick is director of community Nada Savitch, who helped start Talking Point Samaritans, a charity that provides support to those at risk of suicide Wikipedia page for safeguarding, a term to describe the processes about protecting the health and well-being and human rights of people XenForo, which powers Talking Point’s recently relaunched community vBulletin, Talking Point’s previous platform Discourse, a community software option that the Alzheimer’s Society considered phpBB, which Patrick uses Nimbus Hosting, who Alzheimer’s Society uses for web hosting and technical support Dogs Trust, Macmillan, Cancer Research and NSPCC, charities who were "leading the way" on social media when Serena started working closely with how the charity she worked for engaged online Transcript View transcript on our website Your Thoughts If you have any thoughts on this episode that you’d like to share, please leave me a comment, send me an email or a tweet. If you enjoy the show, we would be so grateful if you spread the word and supported Community Signal on Patreon.
In May of 2001, I launched a martial arts community with a focus on respectful discussion and a generally family friendly atmosphere. The very next month, Bob Hubbard did the exact same thing. From an outward perspective, you might label us competitors and expect us to dislike each other. But we developed a friendship based upon mutual respect, which allowed us to compare notes and share knowledge around common challenges. On this episode, we discuss the benefits of being friendly with those managing “competing” communities. Plus: Community “brigading,” or coordinated attacks meant to disrupt an online community The threats that we received running communities where, more often than not, the members have been taught a form of physical combat How Bob approached selling his forum Big Quotes “If you make people choose, they won’t choose you. That’s always been my thought process. For instance, with my moderators and staff members, there’s no loyalty pledge – to borrow a phrase that’s really out there right now thanks to our president. There’s no loyalty pledge for joining my staff as a moderator.” -@patrickokeefe “I always tried to put MartialTalk on the mindset of you’ve just had a really good seminar, now you’re in the lobby of the school. You’re putting your gear away, and you’re shooting the breeze with everybody about what went on and what you’re going to do next. As opposed to some forums that had the attitude of no chit chat, just keep it on right on topic. You couldn’t deviate.” -Bob Hubbard “My own instructor got suspended [from my community] once or twice. It’s like, ‘Just because he’s the guy holding a belt rank in front of me doesn’t mean we’re going to give him a pass on behavior.'” -Bob Hubbard About Bob Hubbard Bob Hubbard is a photographer in Buffalo, New York. A native of Western New York, he speaks fluent chicken wing, beef on weck and sponge candy. He has a background in game development, programming and BBSs. 
Bob started moderating dial up BBSs in the late 80s and writing war games and RPGs on the Commodore 64. In the late 90s, he transitioned to web design and launched his first web forum in 2000. A small locally-focused martial arts community on a hosted platform, it failed due in part to bad software and poor promotion. In the summer of 2001, he launched MartialTalk.com, and so began a 13 year journey in community building and forum management. Related Links This is a partial list of links from the show. This list will be updated to be complete once we have completed our transcript. Bob’s website Community Signal on SoundCloud Community Signal on Instagram MartialTalk.com, the community Bob founded 17 years ago, and ran for 13 years KarateForums.com, the community Patrick founded 17 years ago IMDb, which erased 18 years of forum posts in 2 weeks “Why You Should Be Friends with the Managers of ‘Competing’ Communities” by Patrick, about his friendship with Bob Managing Online Forums, Patrick’s book Robert M. Carver, the founder of Budoseek, who Bob also was in contact with South by Southwest, a conference where Patrick attended a panel with Heather Champ, where the panel turned around their name placards to reveal nasty names community members had called them vBulletin, the software that powers MartialTalk.com phpBB, the software that powers KarateForums.com Wikipedia pages for Filipino martial arts and Modern Arnis, which provided the initial basis, topic wise, for MartialTalk.com Tim Hartman, who “pretty much” co-founded MartialTalk.com KenpoTalk.com, another community that Bob founded and managed for more than 11 years Forum Foundry, the company that Bob sold his communities to FMATalk, a community where Bob was also an administrator “Do You Love Your Community Enough to Let it Go? 
Why I Gave My Most Successful Community Away” by Patrick Bob’s online photography portfolio Bob’s martial arts photography Bob’s Facebook page Bob’s martial arts photography Facebook page Bob’s Instagram Transcript View transcript on our website Your Thoughts If you have any thoughts on this episode that you’d like to share, please leave me a comment, send me an email or a tweet. If you enjoy the show, we would be so grateful if you spread the word and supported Community Signal on Patreon. Thank you for listening to Community Signal.
Intro / Outro Christophe Deremy - Fairy Tail https://www.youtube.com/watch?v=X1Z9ODzO_zQ
00:02:40 Patch your vBulletin forum – or get popped goo.gl/14hvEC
Millions of Steam game keys stolen after hacker breaches gaming site https://goo.gl/TT8Ftz
GTAGaming Hack Blamed on Old vBulletin Software https://goo.gl/9LHbRS
00:09:40 Hackers Can Use Smart Sockets to Shut Down Critical Systems https://goo.gl/P7MxPV
00:11:46 DiskFiltration: Data Exfiltration from Speakerless Air-Gapped Computers via Covert Hard Drive Noise https://arxiv.org/abs/1608.03431
00:15:00 Bluetooth Hack Leaves Many Smart Locks, IoT Devices Vulnerable https://goo.gl/jvZRCt
00:16:12 Cisco Begins Patching Equation Group ASA Zero Da https://goo.gl/ZAzguD
00:17:20 Researchers announce Linux kernel “network snooping” bug https://goo.gl/XQRN2h
00:23:36 IPhone Users Urged to Update Software After Security Flaws Are Found https://t.co/8mWfs6aril
00:26:22 This PC monitor hack can manipulate pixels for malicious effect https://goo.gl/9OT0Y4
00:29:07 Gotta Spam ‘em All - Pokémon GO Spam https://goo.gl/yc4vfF
00:30:35 Cyberpolice on PokemonGo https://goo.gl/LyXQJO
00:31:42 National Guard's Twitter page hacked https://goo.gl/EhEfPg
00:32:24 “Fileless” UAC Bypass Using eventvwr.exe and Registry Hijacking https://goo.gl/GPNNYW
Microsoft Windows UEFI Secure Boot — Insecure by Design? https://goo.gl/4q18oi https://rol.im/securegoldenkeyboot/
00:34:52 Equation: The Death Star of Malware Galaxy https://goo.gl/deMaf3
00:39:26 PoC Unsigned Code Execution on a Sony PS4 System with firmwares 3.15, 3.50 and 3.55 - https://github.com/Fire30/PS4-3.55-Code-Execution-PoC
00:40:07 Fake Linus Torvalds' Key Found in the Wild, No More Short-IDs https://lkml.org/lkml/2016/8/15/445
00:41:10 Statement by the NSDC (National Security and Defense Council of Ukraine) regarding the situation surrounding the launch of the electronic declaration system https://goo.gl/5Q7FNv
00:42:15 Russian authorities decline to introduce criminal liability for bitcoin circulation http://www.interfax.ru/business/523262
00:46:23 DDoSCoin: Cryptocurrency with a Malicious Proof-of-Work https://goo.gl/Qo5XX6
00:47:53 Major Events and Hacktivism #OpOlympicHacking https://goo.gl/nrhxoy
00:47:59 Security fixes for Libgcrypt and GnuPG 1.4 [CVE-2016-6316] https://goo.gl/zuN6LX
00:49:18 Key Fob Hack Allows Attackers To Unlock Millions Of Cars https://goo.gl/4VdOQ4
00:50:25 SQL Injection Vulnerability in Ninja Forms https://goo.gl/McUkFh
00:51:14 A bit about an interesting mailing
00:53:22 Resource: List of Car hacking tools, Car security tools and Car security resources https://goo.gl/ySXapK
00:54:09 WildfireDecryptor tool https://goo.gl/jFgr4V
The first remote administration trojan that targets Android, Linux, Mac and Windows. Joomla and vBulletin have major flaws & tips for protecting your online privacy from some very motivated public figures. Plus some great questions, a rockin' roundup & much, much more!
I'm back! Maybe a little sleep-deprived and a tad grumpier than usual, but back to talk news! Topics Covered Microsoft unveils the new Digital Crime Unit, and it is quite the statement - http://www.darkreading.com/attacks-breaches/microsoft-unveils-state-of-the-art-cyber/240163924 http://www.microsoft.com/en-us/news/presskits/dcu/ CME Group hacked, claims platform and trades unaffected ...let's hope so - http://www.businessweek.com/news/2013-11-15/cme-group-says-its-computers-were-hacked-no-trades-affected Jeremy Hammond, Chicago's very own romanticized criminal - http://www.nbcnews.com/technology/hacker-tied-anonymous-gets-10-years-prison-cyberattacks-2D11603760 The FBI says there's a "hacking spree" on government websites by Anonymous hackers. You don't say ... - http://arstechnica.com/security/2013/11/fbi-warns-hacking-spree-on-government-agencies-is-a-widespread-problem/ There's an apparent zero-day in vBulletin, and it's serious enough that Def-Con's forums were taken down pro-actively ... - http://www.computerworld.com/s/article/9244109/Hackers_use_zero_day_vulnerability_to_breach_vBulletin_support_forum If you use SnapChat to send questionable selfies hoping they'll just evaporate...you're in for a bad time - http://www.sidhtech.com/news/snapchat-android-hack-iphone/10024107/
Topics Covered 9 Years After Shadowcrew, Feds Get Their Hands on Fugitive Cybercrook http://www.wired.com/threatlevel/2013/07/bulgarian-shadowcrew-arrest vBulletin Forums compromised (~15-~150k) to serve malware http://news.softpedia.com/news/Around-150-000-vBulletin-Forums-Compromised-Abused-to-Serve-Malware-366442.shtml America's EAS (Emergency Alert System) is open to compromise (still) http://www.wired.com/threatlevel/2013/07/eas-holes/ Mobile malware up 614% y/y says Juniper, but mostly Android http://www.computerworld.com/s/article/9240772/Mobile_malware_mainly_aimed_at_Android_devices_jumps_614_in_a_year Blue Box Security finds "master key" issue with Android - but there's more to it http://www.zdnet.com/android-oems-slow-to-roll-out-bluebox-security-patch-7000018012/
In our first video podcast we show you the ACP of the forum software vBulletin. E-Mail: webmaster@vbpodcast.de Homepage: www.vbpodcast.de
Forum expert Lee Dodd talks about making money with forums, including making money off your webmaster-type vBulletin sites, social networking environments, forums, etc.