Re: [libreoffice-users] Re: LibreOffice website security

Hi :)
Of course there are some types of attacks and things that all systems have trouble with.  Somewhere 
i saw a report that  Windows has around 800,000 known viruses and other malware compared to 
Gnu&Linux's 300.  So, yes all systems have problems but it's several orders of magnitude less for 
unix-based systems.  


Anyway, i forgot to keep this thread appraised of developments.  I posted a query to the Websites 
Team and got this response


"
From: Christian Lohmaier <hidden>
To: Tom <tomdavies04@yahoo.co.uk> 
Cc: "LibreOffice, website" <website@global.libreoffice.org> 
Sent: Monday, 17 June 2013, 12:44
Subject: Re: [libreoffice-website] Security Issue?
 
Hi Tom, *,

On Mon, Jun 17, 2013 at 12:58 PM, Tom <tomdavies04@yahoo.co.uk> wrote:
> Someone notified the Users Mailing List that "The Document Foundation"
> website appeared to have been compromised.  Here's a screen-shot;
>
> Malware-Screen-Documentfoundation-2013-06-17.jpg
> <http://nabble.documentfoundation.org/file/n4061840/Malware-Screen-Documentfoundation-2013-06-17.jpg>
>
> Note that it's not the LibreOffice.org website.  Presumably it is a false
> positive but if it is how do we get Avira to stop mis-reporting it?

Probably only by using the "as an Expert link" - as the message doesn't tell what triggers the 
heuristics, it is hard to fix from our part, as we don't use any "dirty tricks" on the website.

> Is there really a problem?

Not here. Of course there is the possibility of a
 malicious proxy (trying https and checking the certificate would help in that case.  The sha-1 
fingerprint of the certificate is: 0B 8B E9 ED 5F 2A 6F CD 8A AC 07 75 F3 5C 41 F2 EE 9A 48 CB) - 
So please check whether the page also shows the warning via https (and when the browser says the 
certificate is valid and matches the fingerprint).

The only thing that I could think of that might trigger a warning is the included javascript - but 
that is nothing special.  It contains form-validation javascript, that is unnecessary on the 
frontpage, but nothing malicious/not compromised.

ciao
Christian
"




> ________________________________
> From: Urmas <davian818@gmail.com>
> To: users@global.libreoffice.org 
> Sent: Tuesday, 18 June 2013, 11:10
> Subject: [libreoffice-users] Re: LibreOffice website security
>
>
> "Tom Davies" :
>
> > It is unlikely the LibreOffice website is infected because it runs on 
> > unix-based platforms such as Gnu&Linux.
>
> Linux is getting malware regularly mostly targeting Web-servers for serving 
> other kinds of malware via IFRAMEs and similar methods. 
-- 
To unsubscribe e-mail to: users+unsubscribe@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted