- Forum Regular
- Posts: 885
- Joined: Tue Sep 22, 2015 6:56 pm
Who will hack a Linux forum?
2. To what end? To gain what?
Hack in order to install a rootkit and get the server to participate in a botnet.
Then it can be employed, on demand via command-and-control, as a spam bulk mailer, a DDOS attack participant, a bitcoin miner...
Rootkit doesn't need to be at o/s level, can be code added into php scripts (phpBB forum software), or otherwise run with the webserver (service) permissions.
Next thing ya know (for instance)... the domain you're operating the compromised webserver from (in this case mepiscommunity.com), you find out no one can receive your domain mailserver because the domain has been added to spamlist.
- Forum Guide
- Posts: 2472
- Joined: Sat Aug 22, 2009 11:36 pm
I think I was wrong about Let's Encrypt certificates being untrusted. From their blog:
Getting a new root trusted and propagated broadly can take 3-6 years. In order to start issuing widely trusted certificates as soon as possible, we partnered with another CA, IdenTrust, which has a number of existing trusted roots. As part of that partnership, an IdenTrust root “vouches for” the certificates that we issue, thus making our certificates trusted. We’re incredibly grateful to IdenTrust for helping us to start carrying out our mission as soon as possible.
Firefox-50 will trust Let's Encrypt directly but since the existing authority IdenTrust is vouching for Let's Encrypt, I believe the Let's Encrypt certificates will be trusted by all (or almost all) browsers and the scary error/warning box won't appear.
Will I cry when it's all over?
When I die will I see Heaven?
- Forum Novice
- Posts: 85
- Joined: Sun Feb 03, 2008 10:03 pm
The address Adrian specified http://blog.linuxmint.com/?p=2994
"We were exposed to an intrusion today. It was brief and it shouldn’t impact many people" and points to the measures taken, in a way confirming my original post.
I agree that, in the long run, measures should be taken to avoid unencrypted passwords floating on the net. I read some cases where hacks were not done for money gain but for political reasons, revenge or simply to show one can do some harm.
- Forum Veteran
- Posts: 8970
- Joined: Wed Jul 12, 2006 1:42 am
sanlav, I don't understand the source of your resistance to this request. If you feel fine having your password sent in clear over the hops on the internet, that's your prerogative, just like I have the right to want my password to be encrypted.
- Forum Veteran
- Posts: 22599
- Joined: Wed Jul 19, 2006 6:13 am
The Devs are going to move this discussion to their own Forum for a bit, since there are some sensitive issues involved that we need to go over before a general discussion can proceed.
Thanks for the input so far--we'll be back.
Production: 4.15.0-1-amd64, MX-17.1, AMD FX-4130 Quad-Core, GeForce GT 630/PCIe/SSE2, 8 GB, Kingston SSD 120 GB and WesternDigital 1TB
Testing: AAO 722: 4.15.0-1-386. MX-17.1, AMD C-60 APU, 4 GB