Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Sat 25 Oct 2014, 15:15
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Heartbleed in murga-linux.com?
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
Page 1 of 1 Posts_count  
Author Message
mavrothal


Joined: 24 Aug 2009
Posts: 1702

PostPosted: Sat 12 Apr 2014, 05:30    Post_subject:  Heartbleed in murga-linux.com?  

Though everybody is wondering if puppy is affected by the HeartBleed openSSL bug (even if puppy is not the most likely OS for a server Rolling Eyes ) I was rather wondering if murga-linux.com was vulnerable to the bug.
Test sites showing it as fine now and I guess is not a major site Shocked to make the lists, but should we be changing passwords fast or not?

_________________
Kids all over the world go around with an XO laptop. They deserve one puppy (or many) too Very Happy
Back to top
View user's profile Send_private_message 
dejan555


Joined: 30 Nov 2008
Posts: 2690
Location: Montenegro

PostPosted: Sat 12 Apr 2014, 05:56    Post_subject:  

considering that forum is running ancient phpbb version I doubt openssl is being bumped to newer versions with bug included either.
But maybe server management is not managed by John but some hosting company. In that case he should mail them.

_________________


Back to top
View user's profile Send_private_message Visit_website MSNM 
ThoriumBlvd


Joined: 04 Oct 2013
Posts: 151
Location: N.E. USA

PostPosted: Sat 12 Apr 2014, 06:37    Post_subject:  

IIRC GoDaddy is either the server-host or the domain-holder. Good luck with that.
_________________
.
Back to top
View user's profile Send_private_message 
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 11122
Location: Arizona USA

PostPosted: Sat 12 Apr 2014, 08:38    Post_subject:  

Website security is the responsibility of our website administrator, John Murga, not our host, whoever that is. As dejan555 pointed out, our website software is so old that it could not contain the ssl "enhancement" that introduced the Heartbleed flaw. Laughing
Back to top
View user's profile Send_private_message 
Semme

Joined: 07 Aug 2011
Posts: 3972
Location: World_Hub

PostPosted: Sat 12 Apr 2014, 08:49    Post_subject:  

As I've never seen an encrypted page here, I doubt murga-linux even supports ssl over http.
Code:
echo ^D | telnet www.murga-linux.com https

And if it does.. WHOOP-DEE-DOO!

http://www.networking4all.com/en/support/tools/site+check/report/?fqdn=www.murga-linux.com&protocol=https

https://www.sslshopper.com/ssl-checker.html#hostname=www.murga-linux.com
Back to top
View user's profile Send_private_message 
mavrothal


Joined: 24 Aug 2009
Posts: 1702

PostPosted: Sat 12 Apr 2014, 10:33    Post_subject:  

Flash wrote:
As dejan555 pointed out, our website software is so old that it could not contain the ssl "enhancement" that introduced the Heartbleed flaw. Laughing

The fact that php is old does not necessarily means that the OS is old too, but as correctly pointed out there are no https here. So all the passwords can be sniffed out but at least we are safe from heardbleed Laughing

_________________
Kids all over the world go around with an XO laptop. They deserve one puppy (or many) too Very Happy
Back to top
View user's profile Send_private_message 
slavvo67

Joined: 12 Oct 2012
Posts: 445
Location: The other Mr. 305

PostPosted: Sat 12 Apr 2014, 11:53    Post_subject:  

So what you're saying is it's good to be old! Hoorah! Laughing
Back to top
View user's profile Send_private_message 
dejan555


Joined: 30 Nov 2008
Posts: 2690
Location: Montenegro

PostPosted: Sun 13 Apr 2014, 04:55    Post_subject:  

mavrothal wrote:
So all the passwords can be sniffed out but at least we are safe from heardbleed Laughing


Laughing Yeah, logging to forum works even from dillo xD

_________________


Back to top
View user's profile Send_private_message Visit_website MSNM 
mikeb


Joined: 23 Nov 2006
Posts: 8367

PostPosted: Sun 13 Apr 2014, 07:00    Post_subject:  

Dropbox has messed up my use of curl to access it as it's changed its ssl system because of this.
The point is are there any other puppy related sites using https that might affect such as package managers, quickpet, flash updaters etc etc?

mike
Back to top
View user's profile Send_private_message 
jamesbond

Joined: 26 Feb 2007
Posts: 2230
Location: The Blue Marble

PostPosted: Wed 16 Apr 2014, 10:37    Post_subject:  

mavrothal wrote:
The fact that php is old does not necessarily means that the OS is old too, but as correctly pointed out there are no https here. So all the passwords can be sniffed out but at least we are safe from heardbleed Laughing


Now that's different. This forum doesn't use http so we can expect anybody to sniff our passwords just like that. But those https sites come with *expectation* that they are secure. The fact that they are *not* Rolling Eyes

_________________
Fatdog64, Slacko and Puppeee user. Puppy user since 2.13.
Contributed Fatdog64 packages thread
Back to top
View user's profile Send_private_message 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Wed 16 Apr 2014, 11:18    Post_subject:  

John told us some years ??? ago that he choose
the old version to avoid some vulnerability.

But I am too much noob to not get such things.

But I do remember him made it a choice and
he did see some merit doing it that way.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send_private_message 
Display_posts:   Sort by:   
Page 1 of 1 Posts_count  
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
 Forum index » Off-Topic Area » Security
Jump to:  

Rules_post_cannot
Rules_reply_cannot
Rules_edit_cannot
Rules_delete_cannot
Rules_vote_cannot
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0660s ][ Queries: 11 (0.0058s) ][ GZIP on ]