(2018-06-05, 08:18 PM)Brian Wrote: Are we sure all vulnerabilities with Tapatalk are fixed?
No, we're not. Best not to take chances either. For now I've removed the Tapatalk plugin. Good catch, Brian!
Only five security vulnerabilities in Tapatalk software are listed on a website whose feed is the National Vulnerability Database:
(This post was last modified: 2018-06-06, 06:01 AM by Laird.)
Tapatalk : Security Vulnerabilities
The only vulnerability that applies to the Tapatalk plugin for MyBB is CVE-2017-14652:
Quote: SQL Injection vulnerability in mobiquo/lib/classTTForum.php in the Tapatalk plugin before 4.5.8 for MyBB allows an unauthenticated remote attacker to inject arbitrary SQL commands via an XML-RPC encoded document sent as part of the user registration process.
That's a serious security hole, but on the other hand, it's not unusual for complex software to at some point in its lifetime expose a serious security hole, and this one appears to have been fixed. By comparison, our forum software itself, MyBB, has 89 security vulnerabilities listed in that same database.
It is easy to find online posts alluding to the Tapatalk forum plugins and/or mobile apps breaching permissions, such as allowing private forums to be viewed, but I have as yet found no first-hand reports of such breaches of permission aside from, potentially, this one, and in our informal testing, we have not yet found any ourselves.
Moreover, I am not aware of any current security problems with Tapatalk, nor any evidence that Tapatalk developers refuse to fix security problems in a timely fashion as they arise, and given that it might be a valuable interface for some Psience Quest members, I am inclined to re-enable Tapatalk on our forum.
Perhaps the best case against re-enabling it is the bullet point list in the opening post of the TapaTalk support to be disabled thread on thePhins.com. These bullet points do not seem to me, however, to make a compelling case against enabling Tapatalk given its potential value to Psience Quest members, and especially considering that it seems (though we would have to test this) that we can prevent forum registrations via Tapatalk, and thus can maintain our process of checks to minimise the chance of spammers/trolls/sock-puppeteers registering.
Oh, and one other criticism of Tapatalk I've seen regularly is that it tracks clicks on outbound links in forums (see also the thread, A question of privacy, on the Tapatalk Support Group forum). I am not sure whether it is still doing this, but if so it is certainly a privacy concern of which users of the Tapatalk mobile apps should be aware. My suggestion is that we re-enable Tapatalk but remain cautious about it and on the lookout for security/privacy breaches, but I welcome input from other forum members.
I agree Laird. Thanks for doing that research.
(This post was last modified: 2018-06-06, 01:34 PM by Ninshub.)
Have you reinstalled the plug-in, Laird? Because I can’t log in.
(2018-06-06, 04:07 PM)Ninshub Wrote: Have you reinstalled the plug-in, Laird? Because I can’t log in.
I hadn't (I wanted to see whether anybody had any objections first) but have now. Have also disabled registrations via the Tapatalk mobile apps in the plugin's settings on our forum, and that seems to have worked.
Does anyone know how to paste a link in Tapatalk? I can’t figure it out.
I don’t think you can get access to the ‘closed topics’ through Tapatalk.
Oh my God, I hate all this.
Just bought an iPad and am trying out Tapatalk. Have not seen any ads yet and typing and replies seem much easier than using the normal browser interface. Not as quick as a laptop keyboard for me but my thumbs are not as agile as those of younger generations.
Sent from my iPad using Tapatalk
I do not make any clear distinction between mind and God. God is what mind becomes when it has passed beyond the scale of our comprehension.
Freeman Dyson
I'm attaching this to this thread because it is the only way I can post. The create thread button isn't working for me. I use OS X and have tried Chrome and Safari. The box where you type the text disappears. Anyone else seeing this?