
Astaro.org

Hi Everyone,

We've been planning a migration to a newer and more capable forum site for some time now, and were just a few weeks away from kicking off this process. Unfortunately, a recent vulnerability has appeared in the wild, affecting vBulletin, the software we were using for the astaro.org communities site. Astaro.org was not compromised from this vulnerability, but as a precaution, we did take the site down, to protect our users.

The site used a number of add-ons, and some custom plugins, which would need weeks of effort to convert and replace, if we were to upgrade the site and apply fixes for this vulnerability. As we were planning to migrate by that time anyway, we've made the decision to cut immediately to the new communities site, which has been running successfully for other Sophos products. To that end, we've spun up two forums quickly, where astaro.org users can again congregate. Unfortunately, it will still take some time to complete the migration, so user accounts and previously posted content have not yet been migrated. This process will take a matter of weeks to complete. In the interim, we will create a static view of the astaro.org, so content there will still be accessible. This should be completed later today.

This certainly wasn't the introduction we wanted for our new communities site, but we are excited about the new platform, and its capabilities. Please be patient as we step through this transition as quickly as we can. There will be some pain, but we will try our best to minimize it for you. 

Thanks everyone for your patience, and understanding!

Alan Toews

Technical Product Manager, Network Security, Sophos



This thread was automatically locked due to age.
  • Hi All. My name is Sherwin (aka Sure Win) and I am responsible for the Sophos Community.

    We've spoken with moderators like  and read a number of comments and suggestions on how we can improve the experience of Sophos Community. It's understandable that the UX and UI needs improvements and some of the features found in Astaro.org are not the same or available here. But, these are things we want to work with everyone here to improve on.

    The Sophos Community is new and very much beta. I hope we can continue to work together to build and refine the community so that you and others want to come and read the latest and greatest while drinking a cup of coffee (). 

    Send us your feedback here and if you wish, you may contact me directly at sherwin.pao@sophos.com

  • Hi Sherwin, great to see you here. I would generally be willing to provide more feedback but for some reason recently, I get the feeling that the user feedback is used more for pageantry and fanfare than actually changing anything.

    For one, I would like to change the user's ability to like their own posts. We were mostly professionals participating on the astaro.org board and not a bunch of adolescents that needed to like their own posts.

    I also find it interesting that astaro.org, which matched the UTM theme, died a tragic death right before the GA of Copernicus, which unbelievably matches the new community website.

    In any case, sorry for sounding unhappy...

    Regards
    Bill

    Edit: ,  can you give us some details on the actual vulnerability that was so hard to patch/workaround that astaro.org went dark so quickly.

  • The actual vulnerability isn't hard to patch; it depends on how much the admins had customized the plugins or customization made to various other parts of the code. A UTM with form hardening would have stopped this in its tracks though.

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

  • I actually got a tweet about it earlier. I was just trying to bait BAlfson to join the discussion and show the absurdity of pulling the plug on astaro.org. I laughed when I read today that they had mitigated the vulnerability and the not so read-only site is back ;-)

    All the other over-the-top comments of being a security company and not a car forum were entertaining considering that they unplugged the server as their first line of defense ;-) Not to mention that the original hack was already available in the wild for almost 4 days before Sophos noticed it.

    Anyone interested, you can check #vBulletin or on twitter
