Date: prev next · Thread: first prev next last
2013 Archives by date, by thread · List index


Hi :)
Of course there are some types of attacks and things that all systems have trouble with.  Somewhere 
i saw a report that  Windows has around 800,000 known viruses and other malware compared to 
Gnu&Linux's 300.  So, yes all systems have problems but it's several orders of magnitude less for 
unix-based systems.  


Anyway, i forgot to keep this thread appraised of developments.  I posted a query to the Websites 
Team and got this response


"
From: Christian Lohmaier <hidden>
To: Tom <tomdavies04@yahoo.co.uk> 
Cc: "LibreOffice, website" <website@global.libreoffice.org> 
Sent: Monday, 17 June 2013, 12:44
Subject: Re: [libreoffice-website] Security Issue?
 
Hi Tom, *,

On Mon, Jun 17, 2013 at 12:58 PM, Tom <tomdavies04@yahoo.co.uk> wrote:

Someone notified the Users Mailing List that "The Document Foundation"
website appeared to have been compromised.  Here's a screen-shot;

Malware-Screen-Documentfoundation-2013-06-17.jpg
<http://nabble.documentfoundation.org/file/n4061840/Malware-Screen-Documentfoundation-2013-06-17.jpg>

Note that it's not the LibreOffice.org website.  Presumably it is a false
positive but if it is how do we get Avira to stop mis-reporting it?

Probably only by using the "as an Expert link" - as the message doesn't tell what triggers the 
heuristics, it is hard to fix from our part, as we don't use any "dirty tricks" on the website.

Is there really a problem?

Not here. Of course there is the possibility of a
 malicious proxy (trying https and checking the certificate would help in that case.  The sha-1 
fingerprint of the certificate is: 0B 8B E9 ED 5F 2A 6F CD 8A AC 07 75 F3 5C 41 F2 EE 9A 48 CB) - 
So please check whether the page also shows the warning via https (and when the browser says the 
certificate is valid and matches the fingerprint).

The only thing that I could think of that might trigger a warning is the included javascript - but 
that is nothing special.  It contains form-validation javascript, that is unnecessary on the 
frontpage, but nothing malicious/not compromised.

ciao
Christian
"




________________________________
From: Urmas <davian818@gmail.com>
To: users@global.libreoffice.org 
Sent: Tuesday, 18 June 2013, 11:10
Subject: [libreoffice-users] Re: LibreOffice website security


"Tom Davies" :

It is unlikely the LibreOffice website is infected because it runs on 
unix-based platforms such as Gnu&Linux.

Linux is getting malware regularly mostly targeting Web-servers for serving 
other kinds of malware via IFRAMEs and similar methods. 


-- 
To unsubscribe e-mail to: users+unsubscribe@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted

Context


Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.