Page 1 of 1

forum security

Posted: Tue Apr 15, 2014 6:52 pm
by endafresh
Here's an idea. How about encrypting the login at least? Is that too much to ask?
Goodness forbid we have encrypted forum browsing/posting in the aftermath of GLOBAL CYBERWARFARE by police-state govts that give as much a damn about citizen rights and constitutions as we do about paper towels.

Encrypt your forum logins. Now.
You have no damn excuse. Free SSL certificates are available from legit Certificate Authorities if you do a simple search.
Use OpenSSL, updated to the latest version. Really.

Re: forum security

Posted: Fri Apr 18, 2014 1:29 am
by cyb3rc0de
endafresh wrote: Free SSL certificates are available from legit Certificate Authorities if you do a simple search.
Not really. Only StartCom offers free SSL certificate. Theres no other company which will offer SSL cert without you playing.

Re: forum security

Posted: Sat Apr 19, 2014 6:27 pm
by endafresh
Nope.
A quick search revealed the following results.

http://www.freessl.com/
http://www.startssl.com/
https://www.ssl.com/certificates/free (90 day free trial certificates)
https://www.godaddy.com/ssl/ssl-open-source.aspx (open source certificate, specifically for projects such as GNU/Linux and these forums would easily qualify)
http://www.cacert.org/ (free certificates based on a community-trusted root CA)

I could probably find a bit more if i did some more searching.
Next time you answer, do a quick search beforehand.
This forum needs to be secured with proper credentials and a certificate is easy/free to obtain. There is no excuse, especially for a major open-source project like Linux Mint.

Re: forum security

Posted: Mon Apr 21, 2014 2:58 am
by cyb3rc0de
endafresh wrote:Nope.
A quick search revealed the following results.

http://www.freessl.com/
http://www.startssl.com/
https://www.ssl.com/certificates/free (90 day free trial certificates)
https://www.godaddy.com/ssl/ssl-open-source.aspx (open source certificate, specifically for projects such as GNU/Linux and these forums would easily qualify)
http://www.cacert.org/ (free certificates based on a community-trusted root CA)

I could probably find a bit more if i did some more searching.
Next time you answer, do a quick search beforehand.
This forum needs to be secured with proper credentials and a certificate is easy/free to obtain. There is no excuse, especially for a major open-source project like Linux Mint.

Bolded lines represent certificate resellers who only give trials. You might be able to get SSL free for like 90 days or something, but you will still have to pay. Yes I did good research before I commented because I wanted to put SSL on my website.
Son, you should get well informed, trial doesn't mean its free forever.

Re: forum security

Posted: Mon May 11, 2015 10:36 am
by linx255
What of this?

I don't think certificates are worth much if "trusted" CAs just give out certs to anyone who can bribe and extort them, etc.
I don't know if this is still an issue or not. Hard to imagine it's not but I'm not an expert on certificates.

http://www.wired.com/2010/03/packet-forensics/