Welcome!
Important information
-- Spectre and Meltdown vulnerabilities
-- Change in MX sources

News
-- MX Linux on social media: here
-- Mepis support still here

Current releases
-- MX-17.1 Final release info here
-- antiX-17 release info here

New users
-- Please read this first, and don't forget to add system and hardware information to posts!
-- Here are the Forum Rules

Can we encrypt the forum already?

If you are having a problem with logging into the site or with registering, then post under this forum to try to get help, or just use the "contact us" link at the bottom of the page to notify the Site Administrators.
Message
Author
skidoo
Forum Regular
Forum Regular
Posts: 788
Joined: Tue Sep 22, 2015 6:56 pm

Re: Can we encrypt the forum already?

#11 Post by skidoo » Sat Sep 10, 2016 10:35 pm

Who will hack an linux forum ?
2. To what end ? To gain what ?
Hack in order to install a rootkit and get the server to participate in a botnet.
Then it can be employed, on demand via command-and-control, as a spam bulk mailer, a DDOS attack participant, a bitcoin miner...

Rootkit doesn't need to be at o/s level, can be code added into php scripts (phpBB forum software), or otherwise run with the webserver (service) permissions.
Next thing ya know (for instance)... the domain you're operating the compromised webserver from (in this case mepiscommunity.com), you find out no one can receive your domain mailserver because the domain has been added to spamlist.

User avatar
BitJam
Forum Guide
Forum Guide
Posts: 2472
Joined: Sat Aug 22, 2009 11:36 pm

Re: Can we encrypt the forum already?

#12 Post by BitJam » Sat Sep 10, 2016 10:49 pm

I think I was wrong about Let's Encrypt certificates being untrusted. From their blog:
Getting a new root trusted and propagated broadly can take 3-6 years. In order to start issuing widely trusted certificates as soon as possible, we partnered with another CA, IdenTrust, which has a number of existing trusted roots. As part of that partnership, an IdenTrust root “vouches for” the certificates that we issue, thus making our certificates trusted. We’re incredibly grateful to IdenTrust for helping us to start carrying out our mission as soon as possible.
Firefox-50 will trust Let's Encrypt directly but since the existing authority IdenTrust is vouching for Let's Encrypt, I believe the Let's Encrypt certificates will be trusted by all (or almost all) browsers and the scary error/warning box won't appear.
Will I cry when it's all over?
When I die will I see Heaven?

User avatar
sanlav
Forum Novice
Forum  Novice
Posts: 83
Joined: Sun Feb 03, 2008 10:03 pm

Re: Can we encrypt the forum already?

#13 Post by sanlav » Sun Sep 11, 2016 3:25 am

The address Adrian specified http://blog.linuxmint.com/?p=2994 mention :
"We were exposed to an intrusion today. It was brief and it shouldn’t impact many people" and points to the measures taken, in a way confirming my original post.
BUT
I agree that, in the long run, measures should be taken to avoid unencrypted passwords floating on the net. I read some cases where hacks where not done for money gain but for political reasons, revenge or simply to show one can do some harm.

User avatar
Adrian
Forum Veteran
Forum Veteran
Posts: 8206
Joined: Wed Jul 12, 2006 1:42 am

Re: Can we encrypt the forum already?

#14 Post by Adrian » Sun Sep 11, 2016 9:19 am

sanlav, I don't understand the source of your resistance to this request, if you feel fine having your password sent in clear over the hops on the internet that's your prerogative, just like I have the right to want my password be encrypted.

User avatar
Jerry3904
Forum Veteran
Forum Veteran
Posts: 21639
Joined: Wed Jul 19, 2006 6:13 am

Re: Can we encrypt the forum already?

#15 Post by Jerry3904 » Sun Sep 11, 2016 7:02 pm

The Devs are going to move this discussion to their own Forum for a bit, since there are some sensitive issues involved that we need to go over before a general discussion can proceed.

Thanks for the input so far--we'll be back.
Production: 4.15.0-1-amd64, MX-17.1, AMD FX-4130 Quad-Core, GeForce GT 630/PCIe/SSE2, 8 GB, Kingston SSD 120 GB and WesternDigital 1TB
Testing: AAO 722: 4.15.0-1-386. MX-17.1, AMD C-60 APU, 4 GB

Post Reply

Return to “Site Help”