Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 19 submissions in the queue.
Meta
posted by janrinok on Friday August 02, @12:54PM   Printer-friendly

Just to give you advance notice that the continual problem with the renewal of SSL certificates is due to occur on Monday 5 Aug.

Nobody in the new team has the necessary access nor knowledge of the current hardware configuration, and control remains with NCommander. The transfer of assets has been initiated but as one of the two members of the current Board is out of the country everything has temporarily ground to a halt. We cannot reconfigure the existing structure as legally we do not yet 'own' the database or existing hardware assets.

I have requested that NCommander assist by renewing the certificates but that depends upon his availability. He has been kind enough to help in the past. There is nothing more I can do at the moment.

I know that this is easily fixed - but until the formal exchange of the assets takes place we are on very shaky ground with regards to liabilities and responsibilities.

 
This discussion was created by janrinok (52) for logged-in users only, but now has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Informative) by janrinok on Friday August 02, @03:20PM (3 children)

    by janrinok (52) Subscriber Badge on Friday August 02, @03:20PM (#1366741) Journal

    Opening up a potential security hole which might allow someone to get access to the database would not be protecting your personal information. We have promised to protect the data and for the last 10 years have been successful in keeping your personally identifiable information private.

    If somebody can get your password then they can also get an administrator's password. If they compromise the account of certain admins (e.g a sysadmin) then they have the keys to the castle - everything!

    --
    I am not interested in knowing who people are or where they live. My interest starts and stops at our servers.
    Starting Score:    1  point
    Moderation   +3  
       Informative=3, Total=3
    Extra 'Informative' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   5  
  • (Score: 2) by Username on Friday August 02, @05:22PM (2 children)

    by Username (4557) on Friday August 02, @05:22PM (#1366762)

    Chmod the admin pages 700. That should solve it.

    • (Score: 3, Informative) by janrinok on Friday August 02, @05:33PM (1 child)

      by janrinok (52) Subscriber Badge on Friday August 02, @05:33PM (#1366764) Journal

      If they get inside with an Administrator's password, what good would that do?

      It would, I think, also break the current software. Probably best that we don't do that. Remember that this is late 1990s software technology, originally used in in 2000's hardware, and significantly modified in 2014 for its current role.

      Once someone is inside the system - as any user - they have a much better chance of getting where they shouldn't be. They can also see where other vulnerabilities might be lurking. Not that we have any of course, certainly not, safe as houses.....

      --
      I am not interested in knowing who people are or where they live. My interest starts and stops at our servers.
      • (Score: 2) by Username on Monday August 05, @02:16PM

        by Username (4557) on Monday August 05, @02:16PM (#1367163)

        With 700 no one can access it remotely via http. You would have to ssh or whatever solution you use in with whatever account to access it. You will be using the os encryption, not apache or whatever you got.