Can we encrypt the forum already?

If you are having a problem with logging into the site or with registering, then post under this forum to try to get help, or just use the "contact us" link at the bottom of the page to notify the Site Administrators.
Message
Author
skidoo
Posts: 753
Joined: Tue Sep 22, 2015 6:56 pm

Re: Can we encrypt the forum already?

#11 Post by skidoo »

Who will hack an linux forum ?
2. To what end ? To gain what ?
Hack in order to install a rootkit and get the server to participate in a botnet.
Then it can be employed, on demand via command-and-control, as a spam bulk mailer, a DDOS attack participant, a bitcoin miner...

Rootkit doesn't need to be at o/s level, can be code added into php scripts (phpBB forum software), or otherwise run with the webserver (service) permissions.
Next thing ya know (for instance)... the domain you're operating the compromised webserver from (in this case mepiscommunity.com), you find out no one can receive your domain mailserver because the domain has been added to spamlist.

User avatar
BitJam
Developer
Posts: 2283
Joined: Sat Aug 22, 2009 11:36 pm

Re: Can we encrypt the forum already?

#12 Post by BitJam »

I think I was wrong about Let's Encrypt certificates being untrusted. From their blog:
Getting a new root trusted and propagated broadly can take 3-6 years. In order to start issuing widely trusted certificates as soon as possible, we partnered with another CA, IdenTrust, which has a number of existing trusted roots. As part of that partnership, an IdenTrust root “vouches for” the certificates that we issue, thus making our certificates trusted. We’re incredibly grateful to IdenTrust for helping us to start carrying out our mission as soon as possible.
Firefox-50 will trust Let's Encrypt directly but since the existing authority IdenTrust is vouching for Let's Encrypt, I believe the Let's Encrypt certificates will be trusted by all (or almost all) browsers and the scary error/warning box won't appear.
"The first principle is that you must not fool yourself -- and you are the easiest person to fool."

-- Richard Feynman

User avatar
sanlav
Posts: 16
Joined: Sun Feb 03, 2008 10:03 pm

Re: Can we encrypt the forum already?

#13 Post by sanlav »

The address Adrian specified http://blog.linuxmint.com/?p=2994 mention :
"We were exposed to an intrusion today. It was brief and it shouldn’t impact many people" and points to the measures taken, in a way confirming my original post.
BUT
I agree that, in the long run, measures should be taken to avoid unencrypted passwords floating on the net. I read some cases where hacks where not done for money gain but for political reasons, revenge or simply to show one can do some harm.

User avatar
Adrian
Developer
Posts: 8248
Joined: Wed Jul 12, 2006 1:42 am

Re: Can we encrypt the forum already?

#14 Post by Adrian »

sanlav, I don't understand the source of your resistance to this request, if you feel fine having your password sent in clear over the hops on the internet that's your prerogative, just like I have the right to want my password be encrypted.

User avatar
Jerry3904
Administrator
Posts: 21881
Joined: Wed Jul 19, 2006 6:13 am

Re: Can we encrypt the forum already?

#15 Post by Jerry3904 »

The Devs are going to move this discussion to their own Forum for a bit, since there are some sensitive issues involved that we need to go over before a general discussion can proceed.

Thanks for the input so far--we'll be back.
Production: 5.10, MX-23 Xfce, AMD FX-4130 Quad-Core, GeForce GT 630/PCIe/SSE2, 16 GB, SSD 120 GB, Data 1TB
Personal: Lenovo X1 Carbon with MX-23 Fluxbox and Windows 10
Other: Raspberry Pi 5 with MX-23 Xfce Raspberry Pi Respin

Post Reply

Return to “Site Help”