Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Fri 24 Oct 2014, 06:45
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Heartbleed in murga-linux.com?
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [11 Posts]  
Author Message
mavrothal


Joined: 24 Aug 2009
Posts: 1698

PostPosted: Sat 12 Apr 2014, 05:30    Post subject:  Heartbleed in murga-linux.com?  

Though everybody is wondering if puppy is affected by the HeartBleed openSSL bug (even if puppy is not the most likely OS for a server Rolling Eyes ) I was rather wondering if murga-linux.com was vulnerable to the bug.
Test sites showing it as fine now and I guess is not a major site Shocked to make the lists, but should we be changing passwords fast or not?

_________________
Kids all over the world go around with an XO laptop. They deserve one puppy (or many) too Very Happy
Back to top
View user's profile Send private message 
dejan555


Joined: 30 Nov 2008
Posts: 2686
Location: Montenegro

PostPosted: Sat 12 Apr 2014, 05:56    Post subject:  

considering that forum is running ancient phpbb version I doubt openssl is being bumped to newer versions with bug included either.
But maybe server management is not managed by John but some hosting company. In that case he should mail them.

_________________


Back to top
View user's profile Send private message Visit poster's website MSN Messenger 
ThoriumBlvd


Joined: 04 Oct 2013
Posts: 151
Location: N.E. USA

PostPosted: Sat 12 Apr 2014, 06:37    Post subject:  

IIRC GoDaddy is either the server-host or the domain-holder. Good luck with that.
_________________
.
Back to top
View user's profile Send private message 
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 11121
Location: Arizona USA

PostPosted: Sat 12 Apr 2014, 08:38    Post subject:  

Website security is the responsibility of our website administrator, John Murga, not our host, whoever that is. As dejan555 pointed out, our website software is so old that it could not contain the ssl "enhancement" that introduced the Heartbleed flaw. Laughing
Back to top
View user's profile Send private message 
Semme

Joined: 07 Aug 2011
Posts: 3969
Location: World_Hub

PostPosted: Sat 12 Apr 2014, 08:49    Post subject:  

As I've never seen an encrypted page here, I doubt murga-linux even supports ssl over http.
Code:
echo ^D | telnet www.murga-linux.com https

And if it does.. WHOOP-DEE-DOO!

http://www.networking4all.com/en/support/tools/site+check/report/?fqdn=www.murga-linux.com&protocol=https

https://www.sslshopper.com/ssl-checker.html#hostname=www.murga-linux.com
Back to top
View user's profile Send private message 
mavrothal


Joined: 24 Aug 2009
Posts: 1698

PostPosted: Sat 12 Apr 2014, 10:33    Post subject:  

Flash wrote:
As dejan555 pointed out, our website software is so old that it could not contain the ssl "enhancement" that introduced the Heartbleed flaw. Laughing

The fact that php is old does not necessarily means that the OS is old too, but as correctly pointed out there are no https here. So all the passwords can be sniffed out but at least we are safe from heardbleed Laughing

_________________
Kids all over the world go around with an XO laptop. They deserve one puppy (or many) too Very Happy
Back to top
View user's profile Send private message 
slavvo67

Joined: 12 Oct 2012
Posts: 442
Location: The other Mr. 305

PostPosted: Sat 12 Apr 2014, 11:53    Post subject:  

So what you're saying is it's good to be old! Hoorah! Laughing
Back to top
View user's profile Send private message 
dejan555


Joined: 30 Nov 2008
Posts: 2686
Location: Montenegro

PostPosted: Sun 13 Apr 2014, 04:55    Post subject:  

mavrothal wrote:
So all the passwords can be sniffed out but at least we are safe from heardbleed Laughing


Laughing Yeah, logging to forum works even from dillo xD

_________________


Back to top
View user's profile Send private message Visit poster's website MSN Messenger 
mikeb


Joined: 23 Nov 2006
Posts: 8362

PostPosted: Sun 13 Apr 2014, 07:00    Post subject:  

Dropbox has messed up my use of curl to access it as it's changed its ssl system because of this.
The point is are there any other puppy related sites using https that might affect such as package managers, quickpet, flash updaters etc etc?

mike
Back to top
View user's profile Send private message 
jamesbond

Joined: 26 Feb 2007
Posts: 2230
Location: The Blue Marble

PostPosted: Wed 16 Apr 2014, 10:37    Post subject:  

mavrothal wrote:
The fact that php is old does not necessarily means that the OS is old too, but as correctly pointed out there are no https here. So all the passwords can be sniffed out but at least we are safe from heardbleed Laughing


Now that's different. This forum doesn't use http so we can expect anybody to sniff our passwords just like that. But those https sites come with *expectation* that they are secure. The fact that they are *not* Rolling Eyes

_________________
Fatdog64, Slacko and Puppeee user. Puppy user since 2.13.
Contributed Fatdog64 packages thread
Back to top
View user's profile Send private message 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Wed 16 Apr 2014, 11:18    Post subject:  

John told us some years ??? ago that he choose
the old version to avoid some vulnerability.

But I am too much noob to not get such things.

But I do remember him made it a choice and
he did see some merit doing it that way.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [11 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0746s ][ Queries: 12 (0.0128s) ][ GZIP on ]