Re: [libreoffice-website] Security Issue?

Hi Tom, *,

On Mon, Jun 17, 2013 at 12:58 PM, Tom <tomdavies04@yahoo.co.uk> wrote:
> Someone notified the Users Mailing List that "The Document Foundation"
> website appeared to have been compromised.  Here's a screen-shot;
>
> Malware-Screen-Documentfoundation-2013-06-17.jpg
> <http://nabble.documentfoundation.org/file/n4061840/Malware-Screen-Documentfoundation-2013-06-17.jpg>
>
> Note that it's not the LibreOffice.org website.  presumably it is a false
> positive but if it is how do we get Avira to stop mis-reporting it?

Probably ony by using the "as an Expert link" - as the message doesn't
tell what triggers the heuristics, it is hard to fix from our part, as
we don't use any "dirty tricks" on the website.

> Is
> there really a problem?

Not here. Of course there is the possibility of a malicious proxy
(trying https and checking the certificate would help in that case.
The sha-1 fingerprint of the certificate is: 0B 8B E9 ED 5F 2A 6F CD
8A AC 07 75 F3 5C 41 F2
EE 9A 48 CB) - So please check whether the page also shows the warning
via https (and when the browser says the certificate is valid and
matches the fingerprint).

The only thing that I could think of that might trigger a warning is
the included javascript - but that is nothing special.
It contains form-validation javascript, that is unnecessary on the
frontpage, but nothing malicious/not compromised.

ciao
Christian

-- 
To unsubscribe e-mail to: website+unsubscribe@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/website/
All messages sent to this list will be publicly archived and cannot be deleted