This forum has been archived. All content is frozen. Please use KDE Discuss instead.

Possible security issue?!

raddison
Registered Member
Posts
515
Karma
0

Possible security issue?!

Thu Feb 02, 2017 4:02 pm
Hi guys,

https://plus.google.com/photos/10656778 ... OO-ic2KlgE

Yeah, what's that all about?


Best wishes community,
Richard Addison


Proud to be powered by Plasma
raddison
Registered Member
Posts
515
Karma
0

Re: Possible security issue?!

Thu Feb 02, 2017 5:05 pm
@Admin/moderator

Have you seen the images? The Neon homepage seems to contain insecure elements.


Proud to be powered by Plasma
Aranjedeath
Registered Member
Posts
12
Karma
1
OS

Re: Possible security issue?!

Thu Feb 02, 2017 5:33 pm
The PayPal image on the homepage isn't loaded via HTTPS. Just a simple fix on Neon's part.


raddison
Registered Member
Posts
515
Karma
0

Re: Possible security issue?!

Thu Feb 02, 2017 5:42 pm
Aranjedeath wrote:The PayPal image on the homepage isn't loaded via HTTPS. Just a simple fix on Neon's part.


Hi,

Yeah, I think the same. Is it exploitable?


Proud to be powered by Plasma
nalvarez
KDE Developer
Posts
8
Karma
0
OS

Re: Possible security issue?!

Thu Feb 02, 2017 5:52 pm
It just means someone who manages to intercept your network traffic could tell that you visited the neon website, and maybe replace that image with another.
Aranjedeath
Registered Member
Posts
12
Karma
1
OS

Re: Possible security issue?!

Thu Feb 02, 2017 6:21 pm
raddison wrote:
Aranjedeath wrote:The PayPal image on the homepage isn't loaded via HTTPS. Just a simple fix on Neon's part.


Hi,

Yeah, I think the same. Is it exploitable?


Exploitable to what end? You could replace the image, perhaps with **** data. It's not particularly harmful, especially given the image actually is served over https. Browser mixed-content detector doesn't care about that though, it sees http:// link and shrieks. It's been fixed already, anyway.


raddison
Registered Member
Posts
515
Karma
0

Re: Possible security issue?!

Thu Feb 02, 2017 6:25 pm
nalvarez wrote:It just means someone who manages to intercept your network traffic could tell that you visited the neon website, and maybe replace that image with another.


Isn't exactly what I'd like, is it?


Proud to be powered by Plasma
raddison
Registered Member
Posts
515
Karma
0

Re: Possible security issue?!

Thu Feb 02, 2017 6:43 pm
Aranjedeath wrote:

raddison wrote:

Aranjedeath wrote:
The PayPal image on the homepage isn't loaded via HTTPS. Just a simple fix on Neon's part.



Hi,

Yeah, I think the same. Is it exploitable?



Exploitable to what end? You could replace the image, perhaps with **** data. It's not particularly harmful, especially given the image actually is served over https. Browser mixed-content detector doesn't care about that though, it sees http:// link and shrieks. It's been fixed already, anyway.


Yeah, the issue is gone.

Neon is one of the most (if not the most) prominent projects in Linuxworld. Hence it's likely to be targeted.

@You who fixed it: Please keep us safe, okay? Thank you. I consider the matter closed.


Best wishes community,
Richard Addison


Proud to be powered by Plasma
scummos
Global Moderator
Posts
1175
Karma
7
OS

Re: Possible security issue?!

Fri Feb 03, 2017 12:22 pm
raddison wrote:Neon is one of the most (if not the most) prominent projects in Linuxworld. Hence it's likely to be targeted.

Is there a single documented case of somebody man-in-the-middling a Linux distro's download site in the last 25 years? Just to calibrate the usage of the word "likely" ;)


I'm working on the KDevelop IDE.
subdiff
Registered Member
Posts
59
Karma
0
OS

Re: Possible security issue?!

Fri Feb 03, 2017 12:49 pm
Did you live under a rock the last year? ;)

http://www.theregister.co.uk/2016/02/21 ... cial_site/
scummos
Global Moderator
Posts
1175
Karma
7
OS

Re: Possible security issue?!

Fri Feb 03, 2017 4:09 pm
subdiff wrote:Did you live under a rock the last year? ;)

http://www.theregister.co.uk/2016/02/21 ... cial_site/


That's a completely different attack path though, which is much more realistic, and which SSL doesn't protect you against ;)


I'm working on the KDevelop IDE.