SoylentNews is people
SoylentNews
The Devuan website looks hacked. Given the timing, it's probable that it is an April's Fools Joke, though it's not clear if it's the Devuan devs' April's Fools joke or the hackers' April's Fools Joke. In any case, it's probably better for any Devuan users to avoid updating their packages and keep an eye out for signs of compromise.
If it is a joke by the devs, then they are taking it pretty far since official channels of communication say that the hack is real (but package are not compromised): https://lists.dyne.org/lurker/message/20190331.191104.169aaf9a.en.html
In any case, it's a warning about taking Devuan too seriously; either they don't know how to secure their servers, or they don't know what it means to take a joke too far.
https://www.devuan.org/ redirects to https://www.devuan.org/pwned.html which displays:
_ _ THE WEB SUCKS -- JAVASCRIPT SUCKS -- BROWSERS SUCK
_ ___ ___ ___ ___ | | _ _ | |
/ _`| _| -_) -_) \ | \ / _` || _| GOPHER IS THE WAY -- GOPHER IS THE FUTURE
\__,|_| \___|\___|_|_| |_|_|\__,_| \__|
___/_ _
| | _ _ __ | |_ ___ ___ ___ ********************************************************************
| \ / _` |/ _|| | // -_)| _|(_-< ****** DEVUAN.ORG HAS BEEN PWNED ******
|_|_|\__,_|\__||_\_\\___||_| (___/ ********************************************************************
.................................
...........##...#...#####............ WE TURNED ALL DEVUAN'S SHITTY WEBSITES INTO PROPER GOPHERHOLES
...........###...#.##########............
...........####....###.......##............ ********************************************************************
............#############......##..............
............#######################.............. *** STOP THE MADNESS -- GET YOURSELF A GOPHER CLIENT ***
.............#######################...............
.............#######################................. WWW -> gopher://www.devuan.org
.............#####################.....#............. GIT -> gopher://git.devuan.org
...............###############.........######.......... ISOS -> gopher://files.devuan.org
........######.##############.........#########........ INFO -> gopher://pkginfo.devuan.org
.......######################.......############......... BTS -> gopher://bugs.devuan.org
......########################################........... STATS -> gopher://popcon.devuan.org
.......#####################################.............
........#################################................ *** GOPHER IS STILL ALIVE AND KICKING -- JUST CHECK IT OUT ***
..........###########################....................
.............##################.......................... gopher://gopherproject.org -- gopher://gopher.floodgap.com
......................................#####.............. gopher://bitreich.org - gopher://sdf.org - gopher://gopherpedia.com
...............................###########............. gopher://circumlunar.space - gopher://gopher.quux.org
.............................###########...............
.............########################.....#######.... *** KISS PORT 80 GOODBYE -- JOIN THE REVOLUTION ON PORT 70 ***
.............#####....###############...#########....
............#####.....############################. *******************************************************************
.######.....####################################.
.#######....##################################. WE KNOW YOU -- WE FOLLOW YOU -- WE OWN YOUR COMPUTERS
..#######...###############################..
..######..#############################.. ***** ANY RESISTANCE IS FUTILE *****
...###############################...
...#########################... WE ARE GREEN HAT HACKERS: WE CAME, WE SAW, WE KICKED YOUR ASS
......#############......
..................... *******************************************************************IF YOU LUSER CAN'T USE A GOPHER CLIENT, USE THE PROXY AT:
https://gopher.floodgap.com/gopher/gwBOTH 7779847 AND 1554080659 ARE PRIME NUMBERS
(Score: 2) by darkfeline on Tuesday April 02 2019, @10:46PM (1 child)
I use SSL and TLS interchangeably. They are basically the same thing which is why they're almost always referred to as TLS/SSL or SSL/TLS. Yes, I know that they're "technically" different, so you win a point; I don't think it really matters though. Just like GNU/Linux vs Linux, most people know what you're talking about. SSL 3.0 vs TLS 1.0, TLS 1.0 vs TLS 3.0, same difference.
You can't practically confirm data integrity without a transport protocol, so at the end of the day you need a secure transport protocol. You need a secure transport protocol, you can't just hire armed men to escort a USB containing the right public key to check the signature on a file.
> If you're referring to X.509 certificate chains (which isn't, BTW, TLS), then yes, assuming you trust the CA (which can be an iffy proposition) that signed the certificate
As I said, that's the most practical solution thus far. Again, you win a point for technicality; I am talking about TLS with certs which as far as I am aware is how TLS is used 99.99% of the time. Again, the average person would understand.
> However, a site that's been pwned will have that same X.509 cert, yet may be serving up trojaned code.
As I said, I can check multiple sites; it's fairly unlikely all of them are compromised by the same entity at the same time.
Join the SDF Public Access UNIX System today!
(Score: 2) by NotSanguine on Tuesday April 02 2019, @11:17PM
That would be great! Please tell me what qualifies as a "secure transport protocol."
And that negates the first point I quoted, given that even if the main Devuan site had been hacked, there were still more than fifty, presumably unhacked, mirrors [devuan.org].
Given that what are almost certainly valid, unhacked mirror sites, your "secure" transport complained that it was "bad." That sounds more like a denial-of-service than "security" to me. Granted, the problem there appears to be an interaction between the Devuan mirror redirect and your browser. I did not see that issue, even though I'm forcing HTTPS via HTTPS Everywhere [eff.org]. Strange.
Regardless, we're not going to agree on this, so I won't continue to share my decades of InfoSec experience with you, since it's obviously not appreciated. Good luck!
No, no, you're not thinking; you're just being logical. --Niels Bohr