Password hack of fuels fears of in-the-wild 0-day attacks

Update:On Monday afternoon, vBulletin Technical Support Lead Wayne Luke issued a statement that said:

"Given our analysis of the evidence provided by the Inject0r team, we do not believe that they have uncovered a 0-day vulnerability in vBulletin. These hackers were able to compromise an insecure system that was used for testing vBulletin mobile applications. The best defense against potential compromises is to keep your system running on the very latest patch release of the software."

The Defcon forums remained unavailable as of Monday afternoon.

Read 12 remaining paragraphs | Comments