Contributed by: Lauren Gerber
Date: July 28, 2009

phpBB Released New Updates Just For You!

 

If the saying goes "no news is good news", then unfortunately I have some bad news for you. I apologize for having to alert you yet again to another vulnerability that has hit our fantastic online world. I also have some good news, though, which is going to add lots of joy to your day. The bad news is that multiple vulnerabilities have been confirmed in phpBB, which I shall go into in more detail later on. The good news is that the phpBB Group has recently brought out a new version of phpBB, which aims to fix the previous vulnerabilities as well as a cross-site scripting vulnerability. The fix was recently made available to the public.

First things first, let me go into some more detail about what phpBB is. It is one of the most frequently used bulletin board systems in the world, and it is open source. It has many remarkable features, and if you intend to set up a huge advanced board for a corporate website then phpBB is the way to go. phpBB is web based and can be used with a number of browsers, including the Opera browser. The files of the Opera browser include the following: op.com, opera_exe_file_id as well as opera.exe.

The phpBB vulnerabilities include the following:

  1. The installation path is disclosed in an error message. This takes place when certain invalid input is given.
  2. Two major unspecified vulnerabilities were reported and confirmed.
  3. Input passed to parameters in various scripts is not adequately sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browsing session, in the context of an affected website. This may be done by convincing a user to go to a certain website or to follow a certain link which has been tampered with.

If malicious online attackers are able to exploit these vulnerabilities in the correct manner, they could conduct various online attacks and gain access to victims' confidential information. If they are able to get their dirty hands on all your information, then you seriously don't stand much of a chance and you may need to start saving from scratch for that end-of-year holiday which you have planned. Simply put, expect all your money to 'miraculously' disappear.

The potential dangers that come with these vulnerabilities:

  - The manipulation of data
  - Spoofing attacks
  - Cross-site scripting attacks
  - The bypassing of certain security restrictions

Table 1. The dangers of these vulnerabilities

These vulnerabilities have been rated as moderately critical and can cause havoc for users. The question that I am sure all phpBB users are asking is: what is the solution to these vulnerabilities? What can you do as a user to ensure a safer experience and not become a victim? Before you think about never using phpBB again, you don't need to resort to such extreme measures just yet, as there is a solution. The solution is for all users to update to the latest version, which is version 2.0.9. I would like to leave you with a wonderful quote in conclusion: "Security is always going to be a cat and mouse game because there'll be people out there that are hunting for the zero day award, you have people that don't have configuration management, don't have vulnerability management, don't have patch management." - Kevin Mitnick

User Comments

Karalius Koloradas Vabalas July 29, 2009
You would be surprised how many websites are still using that buggy old vulnerable script!

Steve Atkinson July 28, 2009
Huh? The version you are reporting on, 2.0.8, is at least 5 years old. The entire phpbb 2.0.x line has been discontinued and EOL since Feb. 1, 2009. At that time, version 2.0.8 was 15 versions out-of-date.

This is ancient history