Hi :)
Of course there are some types of attacks and things that all systems have trouble with. Somewhere
i saw a report that Windows has around 800,000 known viruses and other malware compared to
Gnu&Linux's 300. So, yes all systems have problems but it's several orders of magnitude less for
unix-based systems.
Anyway, i forgot to keep this thread appraised of developments. I posted a query to the Websites
Team and got this response
"
From: Christian Lohmaier <hidden>
To: Tom <tomdavies04@yahoo.co.uk>
Cc: "LibreOffice, website" <website@global.libreoffice.org>
Sent: Monday, 17 June 2013, 12:44
Subject: Re: [libreoffice-website] Security Issue?
Hi Tom, *,
On Mon, Jun 17, 2013 at 12:58 PM, Tom <tomdavies04@yahoo.co.uk> wrote:
Someone notified the Users Mailing List that "The Document Foundation"
website appeared to have been compromised. Here's a screen-shot;
Malware-Screen-Documentfoundation-2013-06-17.jpg
<http://nabble.documentfoundation.org/file/n4061840/Malware-Screen-Documentfoundation-2013-06-17.jpg>
Note that it's not the LibreOffice.org website. Presumably it is a false
positive but if it is how do we get Avira to stop mis-reporting it?
Probably only by using the "as an Expert link" - as the message doesn't tell what triggers the
heuristics, it is hard to fix from our part, as we don't use any "dirty tricks" on the website.
Is there really a problem?
Not here. Of course there is the possibility of a
malicious proxy (trying https and checking the certificate would help in that case. The sha-1
fingerprint of the certificate is: 0B 8B E9 ED 5F 2A 6F CD 8A AC 07 75 F3 5C 41 F2 EE 9A 48 CB) -
So please check whether the page also shows the warning via https (and when the browser says the
certificate is valid and matches the fingerprint).
The only thing that I could think of that might trigger a warning is the included javascript - but
that is nothing special. It contains form-validation javascript, that is unnecessary on the
frontpage, but nothing malicious/not compromised.
ciao
Christian
"
________________________________
From: Urmas <davian818@gmail.com>
To: users@global.libreoffice.org
Sent: Tuesday, 18 June 2013, 11:10
Subject: [libreoffice-users] Re: LibreOffice website security
"Tom Davies" :
It is unlikely the LibreOffice website is infected because it runs on
unix-based platforms such as Gnu&Linux.
Linux is getting malware regularly mostly targeting Web-servers for serving
other kinds of malware via IFRAMEs and similar methods.
--
To unsubscribe e-mail to: users+unsubscribe@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted
Context
- Re: [libreoffice-users] LibreOffice website security (continued)
Privacy Policy |
Impressum (Legal Info) |
Copyright information: Unless otherwise specified, all text and images
on this website are licensed under the
Creative Commons Attribution-Share Alike 3.0 License.
This does not include the source code of LibreOffice, which is
licensed under the Mozilla Public License (
MPLv2).
"LibreOffice" and "The Document Foundation" are
registered trademarks of their corresponding registered owners or are
in actual use as trademarks in one or more countries. Their respective
logos and icons are also subject to international copyright laws. Use
thereof is explained in our
trademark policy.