Quake writes:  

A security issue with PHP-Nuke has been found in admin.php. This issue allows to add GOD admins easily to the admin. Bug reported to us by PeNdEjO (thanks alot).

I quickly made a fix and chatserv updated the packages. Its recommended that you get Nuke Patched 3.1 as quick as possible to avoid your site being hacked.

This issue does NOT affect NukeSentinel users or users that have a HTTP Authenticate check on their admin.php

Again, thanks to PeNdEjO

64bitguy writes:  

As people may or may not be aware, yesterday was huge in terms of vendors releasing critical security updates for a variety of platforms and solutions. Critical Updates include patches for such things as MS Word, IE, Firefox, Mozilla, Apple's Tiger functions in OS X and more.

For a detailed review, see my article at http://64bit.us/article87.html

hitwalker writes:  

An outbreak of Trojan horse programs is hitting networks around the world, an e-mail security company has warned.
MessageLabs said it has blocked 54,000 copies of new Downloader Trojans since 6 p.m. PDT on Wednesday.
They are pretty run of the mill ,they use e-mail subjects that have been used before, Alex Shipp, a senior antivirus technologist at MessageLabs, said. Read More...

Bob Marion carried a news item yesterday entitled PHPNuke Spam Assassin. FhfGhost has written a short script that masks the email address by converting the email address to an encoded ascii character representation of the string, using the PHP ord() function. Actually, the code was not written by him, but was copied from the user notes at php.net. What he has added is a couple of examples of how to use it in some nuke code. Using the straight ord() function is a step in the right direction, but it is predictable and could easily be reverse-engineered using the chr() function. So, I took that as a challenge and went hunting. Read on for my findings and enhancements and also a link to test with :). Read More...

Note: This requires that you are using FireFox/Mozilla. IE does not display the image. I am working trying to figure out why.



I have been working for some time now, off and on, to implement a different (if not better) mechanism for passcode security. Many security professionals swear by the Captcha. Basically and very high level, it attempts to create images that humans can read and programs cannot. Search Google for more information. I have implemented it as a test in the New User registration area. Once I am convinced it is working as well as it can, I will complete the site-wide implementation. Feedback is welcomed and I have set a Captcha Security forum up for support questions. Read More...

I am pulling the download from here. Too many problems and FB's major lack of testing and disregard for security testing has compromised any site using v7.7 or 7.8! Read more at NukeScripts.net