iseff

Today, we were alerted that our site was part of an elaborate and sophisticated attack whose victims included large internet companies. We were alerted through the press, via an AllThingsD article, which cited Facebook. Prior to this article, we had no knowledge of this breach and hadn't been contacted by Facebook, any other company, or any law enforcement about the potential breach. You can read more about the attack via Facebook's blog post.

As the most widely read dedicated iOS developer forum, we're targeted for attacks frequently. Security is a top priority for us, which is one reason why we switched to Vanilla Forums to host our site last year. Vanilla manages security like pros, and I should be clear that -- as best we can tell right now -- this attack has nothing to do with their software.

Immediately, we were in contact with Facebook's security team, including Joe Sullivan, Facebook's Chief Security Officer, and his team, to learn what they knew. We also contacted Vanilla, our amazing forum hosts, to ensure the problem was not with their software.

What we've learned is that it appears a single administrator account was compromised. The hackers used this account to modify our theme and inject JavaScript into our site. That JavaScript appears to have used a sophisticated, previously unknown exploit to hack into certain user's computers.

We're still trying to determine the exploit's exact timeline and details, but it appears as though it was ended (by the hacker) on January 30, 2013.

As with Facebook, it's important to stress that we have no reason to believe user data was compromised.

Just to be sure, we've reset all users' passwords. Please use our Forgot Password feature the next time you log in to reset your password.

We're continuing to work with Facebook, Vanilla, other targeted companies, and law enforcement to find out who is behind this sophisticated attack.

We're very sorry for the inconvenience -- we'll work tirelessly to ensure your data's security now and in the future. I want to thank Vanilla Forums for their help in the matter and for keeping the site secure, as well as Facebook for their help quickly after we reached out.

Answer from Luc, CEO at Vanilla:

Our search is modeled on Google where we try to return the most relevant results from a simple keyword search.

An advanced search is very high on the priority list and should get done in our December release.

Luc

Hang tight until December! :)

It's been a bit of a rough couple weeks over here at iPhoneDevSDK HQ, but I'm very happy to announce the brand-new iPhoneDevSDK.

The new iPhoneDevSDK is like the old iPhoneDevSDK in the following ways:

• The same amazing, supportive, and intelligent community.
• All the same users (and your passwords) and threads, etc.
• Similar set up and structure.

However, the new iPhoneDevSDK is better than the old iPhoneDevSDK in the following ways:

• Now we run on Vanilla forums, a much better system than vBulletin.
• No more worrying about malware issues, site suspensions, etc.
• Easier management for moderators and administrators to keep the community healthy and happy.

We know there will be some kinks to figure out over the next few days, but our hope is that this will provide a much brighter future for the community as a whole.

In particular, I think there are some great new features provided by Vanilla that were not previously possible in vBulletin:

• Badges, Reactions, and Reputation: You now have the ability to earn badges and reputation points for participating and posting insightful, useful, and otherwise awesome comments. These badges and reputation points will be used to help other users know exactly why to trust you and your posts. There's also Reactions, which allow you to share feedback with others. You can help the community keep abusive members and spammers out using the Spam and Abuse reaction.
• @Username: Just like Twitter, you can now call attention to a particular user by @Username-ing them. For instance, you can do @iseff to mention me.
• Notifications: You can now visit your Profile and set fine-grained controls on when you should be notified: replies, mentions, bookmarked discussions, etc.
• User Walls: This is a new one, and I'm interested to watch it work. Just like a Facebook wall, every user profile now has a Wall. You can post messages to users by placing it on their wall (and others can see). Hopefully this will help the community engage with each other and build great relationships.

I hope you thoroughly enjoy the new forums, and if you have any questions at all, please do not hesitate to ask me directly via a private message.