Author Topic: avast! forums still offline after hack  (Read 33624 times)

LowWaterMark

  • Administrator
  • Newbie
  • *****
  • Posts: 15
  • Security Guy
    • View Profile
avast! forums still offline after hack
« on: May 30, 2014, 05:54:36 PM »
The avast! forum remains offline since it was hacked on May 24, 2014.  No word has yet been released as to the exact attack vector used to gain entry.  Company representatives said the database of usernames, email addresses and hashed passwords for its almost 400,000 members was downloaded by the hackers.

The avast! forum was running on the SMF (Simple Machines Forum) software package.  The avast! COO stated they were running version 2.0.6, though there was confusion over why their forum had an old copyright date notice in their footer, (i.e. SMF © 2012).  There were no versions of SMF v2 using that date.  A v2.0.6 SMF forum should have had a 2013 date for its copyright notice.

Early speculation by avast! staff was that there was an unannounced security fix in the latest version of the SMF, v2.0.7, which may have been used to hack their forum.  The SMF support team denies any security fix was included in 2.0.7.

This forum was built deliberately to review the upgrade path, copyright notice dates, and code changes, occurring from a base install of SMF v2.0.3, and stepping through each patch/upgrade kit to 2.0.7.  No 2012 copyright signature ever appeared throughout this process.  Likewise, a code review performed here showed no security fixes occurred from 2.0.6 to 2.0.7.  The changelog from the SMF website appears to be accurate.

avast! and the SMF team have said they are working together to review logs, and any other available data, in order to determine just what happened during the hack.
Forum and website security consultant

LowWaterMark

  • Administrator
  • Newbie
  • *****
  • Posts: 15
  • Security Guy
    • View Profile
Forum and website security consultant

LowWaterMark

  • Administrator
  • Newbie
  • *****
  • Posts: 15
  • Security Guy
    • View Profile
Re: avast! forums still offline after hack
« Reply #2 on: June 03, 2014, 04:55:10 PM »
Amazingly, the avast! forums are still offline at this time.

A forum conversion should not take this long.

It makes you wonder just what is going on there.
Forum and website security consultant

LowWaterMark

  • Administrator
  • Newbie
  • *****
  • Posts: 15
  • Security Guy
    • View Profile
Re: avast! forums still offline after hack
« Reply #3 on: June 07, 2014, 04:44:35 AM »
avast! really seems to have dropped the ball on this.  There is no reason for them to have taken this long to address this situation.

We now have this update from SMF:

http://www.simplemachines.org/community/index.php?topic=523494.msg3704499#msg3704499

Yet, no word of update from avast! at all.
Forum and website security consultant

LowWaterMark

  • Administrator
  • Newbie
  • *****
  • Posts: 15
  • Security Guy
    • View Profile
Re: avast! forums still offline after hack
« Reply #4 on: June 13, 2014, 01:17:37 PM »
The avast! forum reopened about two hours ago. (At least that is the timing of a relauch message posted in their main section.)

The forum remains on SMF, now version 2.0.7.

Here's a view of the bottom of the index page:

Forum and website security consultant