Jump to content

AVAST forum offline due to attack

pondus

By pondus
in General Chat

 Share

Recommended Posts

daledoc1

daledoc1

Posted
Posted

Hi, @Ghost_Killer:

 

 

That sucks but im sure Glad i use bitdefender free since ive had avast & it let viruses,etc into my pc & no issues since switching to bitdefender

 

This topic was started by @pondus to notify Avast users of a user forum outage, not to discuss one's AV preferences.

Please try to keep your posts on-topic.

 

Thanks very much for your understanding,

Link to post
Share on other sites
Nesivos

Nesivos

Posted
Posted

As recently as a year or so ago the avast! forum had a number of insecure connections.   While the main page may have been 'https' a number of the other pages on the forum were using 'http'.  So going from one location on the forum after having logged in to another location on the forum could have subjected the user to Man In The Middle attacks.  .

Link to post
Share on other sites
Ghost_Killer

Ghost_Killer

Posted
Posted

They probably didn't expect the forums to be hacked so it must have been a low priority for them to update it to stop the hacks from happening and after it was hacked theyre probably regreting that they didn't update the necessary software that needed to be updated if that was the case in this situation

Link to post
Share on other sites
David H. Lipman

David H. Lipman

Posted
Posted

One should not presume or wildly speculate that a software vulnerability/exploitation event ended up in a compromised Forum situation.
 
A malicious actor may have used Social Engineering or some form of spear phishing ploy to obtain credentials and thus the site was compromised.
 
Without the facts one should not draw conclusions or wildly speculate what happened.
 
What one may draw a conclusion on is hinted by Propheticus as one can ask themselves...

"Can I trust Alwil when they have experienced multiple breaches ?".

 

The devil is in the details.  Those details are in what actually happened or transpired at the Avast Support Forums.

Link to post
Share on other sites
John L. Galt

John L. Galt

Posted
Posted

Thanks goodness that there is at least one voice of sanity in here.  Throwing around speculations of what was and was not running and making grandiose claims that the company had done something or was not expecting something and thus claiming inside knowledge of their intentions and such is pure speculation.

 

Fact:  forums were down. 

 

Until more proof of information comes along, everything else is just speculation.

Link to post
Share on other sites
Wide_Glide

Wide_Glide

Posted
Posted

EMAIL AS FOLLOWS:

 

May 26 (2 days ago)

Dear Wide Glide,

The AVAST forum is currently offline and will remain so for a brief period. It was hacked over this past weekend and user nicknames, user names, email addresses and hashed (one-way encrypted) passwords were compromised. Even though the passwords were hashed, it could be possible for a sophisticated thief to derive many of the passwords. If you use the same password and user names to log into any other sites, please change those passwords immediately. Once our forum is back online, all users will be required to set new passwords as the compromised passwords will no longer work.

This issue only affects our community-support forum. No payment, license, or financial systems or other data were compromised.

We are now rebuilding the forum and moving it to a different software platform. When it returns, it will be faster and more secure. This forum for many years has been hosted on a third-party software platform and how the attacker breached the forum is not yet known. However, we do believe that the attack just occurred and we detected it essentially immediately.

We realize that it is serious to have these usernames stolen and regret the concern and inconvenience it causes you. However, this is an isolated third-party system and your sensitive data remains secure.

All the best,

Ondrej Vlcek
COO AVAST Software

Link to post
Share on other sites
pondus

pondus

Posted
  • Author
Posted

Hi pondus,Any news on how long it will be offline? Just curious. I want the site to be secure as possible.

Hi Valinorum

I do not have any info about that yet

avast team arent known for being quick/good at informing.....seems it may take some time before you can continue your good work there

Link to post
Share on other sites
David H. Lipman

David H. Lipman

Posted
Posted

More specifically and in greater detail:

1- From the server logs, there is no evidence of any security vulnerability in the SMF code

2- From our analysis, it is our conclusion that the "hack" was the result of a compromised admin account (although, to be clear, without any specific evidence, this conclusion is still supposition, even if it is the best guess). Specifically, similar to the attack here at simplemachines.org late last year, an admin reused account information across multiple sites, one other of which was compromised. Once the hacker had the admin account information, he would be able to promote his other dummy account to Admin or even just act as the logged in account.

3- From the dates on the file edits, it would appear that the system was actually compromised several months ago, but was not noticed until the hacker did something obvious, here in May.

Of course, the server logs from that time are not available from Avast, so we can not confirm this by any method other than the date-stamp on the infected file.

4- Avast told us that they did not "lock down" the permissions of their files. This is important, because even a compromised admin account would still need FTP passwords (if FTP is even available) to make file changes if the file permissions were locked.

As I wrote...

One should not presume or wildly speculate that a software vulnerability/exploitation event ended up in a compromised Forum situation.

A malicious actor may have used Social Engineering or some form of spear phishing ploy to obtain credentials and thus the site was compromised.

Thus this is a good lesson on why we should not speculate on things that we don't have first hand information on or knowledge of.

 

Thank you very much for the update Propheticus.   post-14644-0-89582900-1402105415.gif

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.