Reply to topic

Possible security issue?!

raddison
Registered Member
Posts
515
Karma
0

Possible security issue?!

Thu Feb 02, 2017 4:02 pm
Hi guys,

https://plus.google.com/photos/10656778 ... OO-ic2KlgE

Yeah, what's that all about?


Best wishes community,
Richard Addison


Proud to be powered by Plasma
raddison
Registered Member
Posts
515
Karma
0

Re: Possible security issue?!

Thu Feb 02, 2017 5:05 pm
@Admin/moderator

Have you seen the images? The Neon homepage seems to contain insecure elements.


Proud to be powered by Plasma
Aranjedeath
Registered Member
Posts
4
Karma
0
OS

Re: Possible security issue?!

Thu Feb 02, 2017 5:33 pm
The paypal image on the homepage isn't loaded via https. just a simple fix on Neon's part.
raddison
Registered Member
Posts
515
Karma
0

Re: Possible security issue?!

Thu Feb 02, 2017 5:42 pm
Aranjedeath wrote:The paypal image on the homepage isn't loaded via https. just a simple fix on Neon's part.


Hi,

Yeah, I think the same. Is it exploitable?


Proud to be powered by Plasma
nalvarez
Registered Member
Posts
7
Karma
0
OS

Re: Possible security issue?!

Thu Feb 02, 2017 5:52 pm
It just means someone who manages to intercept your network traffic could tell that you visited the neon website, and maybe replace that image with another.
Aranjedeath
Registered Member
Posts
4
Karma
0
OS

Re: Possible security issue?!

Thu Feb 02, 2017 6:21 pm
raddison wrote:
Aranjedeath wrote:The paypal image on the homepage isn't loaded via https. just a simple fix on Neon's part.


Hi,

Yeah, I think the same. Is it exploitable?


Exploitable to what end? You could replace the image, perhaps with **** data. It's not particularly harmful, especially given the image actually is served over https. Browser mixed-content detector doesn't care about that though, it sees http:// link and shrieks. It's been fixed already, anyway.
raddison
Registered Member
Posts
515
Karma
0

Re: Possible security issue?!

Thu Feb 02, 2017 6:25 pm
nalvarez wrote:It just means someone who manages to intercept your network traffic could tell that you visited the neon website, and maybe replace that image with another.


Isn't exactly what I'd like, is it?


Proud to be powered by Plasma
raddison
Registered Member
Posts
515
Karma
0

Re: Possible security issue?!

Thu Feb 02, 2017 6:43 pm
Aranjedeath wrote:

raddison wrote:

Aranjedeath wrote:
The paypal image on the homepage isn't loaded via https. just a simple fix on Neon's part.



Hi,

Yeah, I think the same. Is it exploitable?



Exploitable to what end? You could replace the image, perhaps with **** data. It's not particularly harmful, especially given the image actually is served over https. Browser mixed-content detector doesn't care about that though, it sees http:// link and shrieks. It's been fixed already, anyway.


Yeah, the issue is gone.

Neon is one of the most (if not the most) prominent projects in Linuxworld. Hence it's likely to be targeted.

@You who fixed it: Please keep us safe, okay? Thank you. I consider the matter closed.


Best wishes community,
Richard Addison


Proud to be powered by Plasma
User avatar scummos
Global Moderator
Posts
1153
Karma
7
OS

Re: Possible security issue?!

Fri Feb 03, 2017 12:22 pm
raddison wrote:Neon is one of the most (if not the most) prominent projects in Linuxworld. Hence it's likely to be targeted.

Is there a single documented case of somebody man-in-the-middling a Linux distro's download site in the last 25 years? Just to calibrate the usage of the word "likely" ;)


I'm working on the KDevelop IDE.
User avatar subdiff
Registered Member
Posts
59
Karma
0
OS

Re: Possible security issue?!

Fri Feb 03, 2017 12:49 pm
Did you live under a rock the last year? ;)

http://www.theregister.co.uk/2016/02/21 ... cial_site/
User avatar scummos
Global Moderator
Posts
1153
Karma
7
OS

Re: Possible security issue?!

Fri Feb 03, 2017 4:09 pm
subdiff wrote:Did you live under a rock the last year? ;)

http://www.theregister.co.uk/2016/02/21 ... cial_site/


That's a completely different attack path though, which is much more realistic, and which SSL doesn't protect you against ;)


I'm working on the KDevelop IDE.

 
Reply to topic

Bookmarks



Who is online

Registered users: Baidu [Spider], Bing [Bot], Google [Bot], grahm, jmacleod, Majestic-12 [Bot], nrykhe, paleo, rblackwell, Sogou [Bot], YaCy [Bot]