Virus in the ads for this forum - About xda-developers.com

There seems to be a virus in the ads for xda, Kaspersky picks it up whenever i load any of the xda pages:
4/24/2010 9:00:29 AM Denied: HEUR:Trojan.Script.Iframer //tag.admeld.com/ad/iframe/219/xdadevelopers/728x90/ros?t=1272114028927&tz=240&hu=&ht=js&hp=0&url=http%3A%2F%2Fforum.xda-developers.com%2Fforumdisplay.php%3Ff%3D263&refer=Firefox
It could be a false postive but I'm just letting you know what it shows.

chumatha87 said:
There seems to be a virus in the ads for xda, Kaspersky picks it up whenever i load any of the xda pages:
4/24/2010 9:00:29 AM Denied: HEUR:Trojan.Script.Iframer //tag.admeld.com/ad/iframe/219/xdadevelopers/728x90/ros?t=1272114028927&tz=240&hu=&ht=js&hp=0&url=http%3A%2F%2Fforum.xda-developers.com%2Fforumdisplay.php%3Ff%3D263&refer=Firefox
It could be a false postive but I'm just letting you know what it shows.
Click to expand...
Click to collapse
ok, checked this myself as have a few other mods and we get no such warnings. I suspect it must be something else you have

not necessarily, depends on the distribution algorithm of the ads you have...

Fallen Spartan said:
ok, checked this myself as have a few other mods and we get no such warnings. I suspect it must be something else you have
Click to expand...
Click to collapse
Same here no such issues also if was XDA side with 8000 people on @ time would expect more than one user with the issue mentioned since Kaspersky is a well used AV product "mind you not my flavour"
OP scan computer, also worth running malwarebytes it's free.

Make that 2 users ... saw it myself last night and had to clean it. Then it was gone. Suggest purging site cache once just to make sure. Not sure if it was an add or one of the forum pages.

ROCOAFZ said:
Make that 2 users ... saw it myself last night and had to clean it. Then it was gone. Suggest purging site cache once just to make sure. Not sure if it was an add or one of the forum pages.
Click to expand...
Click to collapse
Can you remember which ad you clicked on or give us any more info so we can investigate?

PPCGeeks has been having a similar issue reported by some users.
Sometimes IE will report it as unsafe and sometimes their A/V will come up with a warning.
Seems to be an issue with some of the AdSense ads. Hopefully Google will fix it soon.

I still think it's humorous that my Kaspersky Internet Security 2010 blocks all of the Mobile Speed Test signatures, because it thinks the Mobile Speed Test website is a huge fail or something.

Related

Frostwire apk tester

anyone else a tester for limewire? sign up on their site they emailed me right back. seems ok sofar evo 2.2
Looks like a great thread for the aps forum.
i'm not a tester, the development forum is probably not the palce for this post. I personlally dont use [email protected] programs as they are infested with spyware, viruses and fake files. Newsgroups all the way, still has some but much much less.
slvrprelude said:
anyone else a tester for limewire? sign up on their site they emailed me right back. seems ok sofar evo 2.2
Click to expand...
Click to collapse
I signed up days ago but they havent contacted me at all. Can you share the apk with me?
Holy crap! People still use Limewire aka the most viruses on the internets?
SolsticeZero said:
Holy crap! People still use Limewire aka the most viruses on the internets?
Click to expand...
Click to collapse
Yeah, I usually end up yelling "DEAR GOD - DON'T YOU LOVE YOURSELF?" at them in my best Jon Pinette voice.
SolsticeZero said:
Holy crap! People still use Limewire aka the most viruses on the internets?
Click to expand...
Click to collapse
It only has viruses for the people that don't know what their doing. But such is true with any aspect of the internet. This is why I have a job in tech support because people will always be dumb enough to click on just about anything and open the floodgates to infect their computers.
if anyone wants the apk just msg me. io have it on my evo 2.2 and my moment 2.1 and runs great really.. just not many people on there yet. also yea if you are dumb you can get viruses from going to google. people that know how to use computes really shouldnt worry about too many problems. also its should stay in the development cause its trying to develop the features and this shows that we can totally open these things up for some wicked stuff.
Unknownforce said:
It only has viruses for the people that don't know what their doing. But such is true with any aspect of the internet. This is why I have a job in tech support because people will always be dumb enough to click on just about anything and open the floodgates to infect their computers.
Click to expand...
Click to collapse
It has viruses for everyone however if you know what you are doing you can weed out about 95% of them this is true (i mean come on i thought all mp3s were 5kbs and made you go to a web page to "acquire a license" first.). this doesn't mean you aren't at risk of getting particularly clever virus or spyware no matter how much you know.
still like i said much better ways then P2P. though i haven't found a decent newsgroup program for android yet.
Besides the fact that this is in the wrong section, I'll post the newest apk link here: http://dl.frostwire.com/android/0.3.10/frostwire.apk
edit: added new link with updated version on 08/31/10
Sent from my PC36100 using Tapatalk
Newest Link :
http://dl.frostwire.com/android/0.4.3/frostwire.apk
FrostWire developers here
Hi, just joined xda developers (can't believe we didn't do it before)
anyways, you're all welcome to help us test our next release, it's been a while since 0.4.x, we're now about to release 1.0.6 and we've fixed a lot.
You can download and test the 1.0.6 release candidate 1 here
dl.frostwire.com/android/fresh/frostwire.1.0.6.rc1.apk
This release includes the following fixes:
FrostWire 1.0.6 - APR/03/2013
- Faster search results. Search architecture revised and improved.
- Includes search results from archive.org, which indexes millions
of public domain and creative commons works from all over the
internet.
- Reduces CPU and battery consumption up to 84%.
- FrostWire won't disable screen locking during audio playback.
It's now up to the user to set longer auto-locking timeouts if
they want to use FrostWire as an audio player in their vehicles.
- UI fix, media player screen is correctly updated if a song starts
while the screen was locked.
- Updated icons and graphics.
- Improved mime type detection.
- Supports WebM video search results.
- Updated UPnP cling libraries for better Wi-Fi sharing discovery.
- Multiple crashes and freezes fixed.
- Opens .torrent files from urls and from any file browser.
- Faster hashing and checking of ongoing and finished torrent downloads.
- Fixes a crash when sharing files from third party apps like FileKicker
which pass filepath uris instead of android provider uris.
- Fixes double audio playback issue with third party media playing apps.
- Fixes bug where the app would force close and restart on phones without SD cards.
- Fixes bug on Android 4.x where finished document downloads wouldn't appear under
documents.
- Avoids crash caused by AdMobSDK and WebView's cache being null.
You can follow live code progress on github.com/frostwire/frostwire-android/commits/master, hackers are most welcome to send pull requests.

Bad ad sites make this site look bad

ad4.netshelter.net
Takes forever to load, and no XDA content loads while waiting.
This is poor web design.
Please revise XDA so that site content loads BEFORE advertiser content.
MintJulep said:
ad4.netshelter.net
Takes forever to load, and no XDA content loads while waiting.
This is poor web design.
Please revise XDA so that site content loads BEFORE advertiser content.
Click to expand...
Click to collapse
Are there any ads in particular that are taking a particularly long time to load? Please provide a screenshot if so. We hate ads that slow down the site too!
Theres a lot more flash that usual. Small price to pay, I figure. Im not exactly on the top donations list. Quality versus quantity is the point, I think.
No specific ads
The XDA page header loads.
Then beige nothingness for about 30 seconds or so while "connecting to ad4.netshelter.net".
I assume something eventually times out, and the rest of the page loads.
MintJulep said:
The XDA page header loads.
Then beige nothingness for about 30 seconds or so while "connecting to ad4.netshelter.net".
I assume something eventually times out, and the rest of the page loads.
Click to expand...
Click to collapse
Thirty seconds is very long! Where are you located? Also, please benchmark your bandwidth at speedtest.net and paste the graphic result here.
I'm also experiencing this! I'm located in the Netherlands with Ziggo as provider. Sometimes about 30 seconds is correct. I'm also getting this a lot with media.xda-developers.com and pubads.g.doubleclick.net.
This is not always the case btw. Also it's not my internet connection because every other site loads just fine. Also the connection is 120/10 Mbit.
I'm using an Android tablet to access the forums and the Best Buy adds are making the site extremely annoying to use. I have to click on the add since I don't have flash automatically loading them, then I have to click on the "x" to close the add. It didn't use to be this bad but now it is happening on almost every page.
Yeah, Im getting tired of the ads all over the site. I am REEEEEAAALLLYY tired of the ones that are popping up from the bottom and block the forum until I click on the X to close. Now some dont even have that close option.
Right now its that stupid best buy buy back program ad.
As a donator I think they really need to go XDA.
You can disable the shockwave flash object in your internet settings, but then you still have this stupid box with a red X that floats around the middle of the page because it cant load.
If the mods need it, here is the (shortened) link for that ad....http://dcom.me/cD9wm
We hear you guys and are working on getting the annoying Best Buy ads disabled. It's a constant battle between paying the bills and not annoying users. We do our best to err on the side of not annoying the users, but sometimes we make mistakes. Thanks for understanding.
I don't mind ads, but the best buy ad at the bottom of the page is horrible. It actually keeps the area at the bottom of the screen from being "clickable", even when you close the ad.
skullvet said:
I don't mind ads, but the best buy ad at the bottom of the page is horrible. It actually keeps the area at the bottom of the screen from being "clickable", even when you close the ad.
Click to expand...
Click to collapse
+1
I understand the ads, and I'll click on them every once and awhile to help out, but that best buy one is very aggravating.
i agree with this! i feel as if we could make the ads on this site load alot more conveniently.
I notice that the Best Buy ad at the bottom is gone, thank you!
I don't mind the ads but that Best Buy ad was seriously driving me insane! lol Thank you!
Best Buy ad should be officially removed. Let me know if it anyone sees it.
Thx!
svetius said:
Best Buy ad should be officially removed. Let me know if it anyone sees it.
Thx!
Click to expand...
Click to collapse
Thank you very much. I understand the adds, you have to make money. That add at the bottom made it to hard to use the site, and i actually installed an adblocker just for it today. Now i have disabled it.
svetius said:
Best Buy ad should be officially removed. Let me know if it anyone sees it.
Thx!
Click to expand...
Click to collapse
Thank you very much! All is well again.
A prime example of the damage that one bad ad and/or one slow ad delivery server can cause. I wonder how many people downloaded AdFree or AdBlock Plus or added a line into their hosts file tonight all because of a lousy Best Buy ad and a slow server halting progress on the page.
Is there any procedure in place for vetting new ads before they are served to this site? I get that the idea of an ad server is to exist in the background so that publishers can focus on the content, but is there any way to specify formats, types, and other parameters of the ads served here? If NetShelter was serving that Best Buy ad to all its tech publishers, there were probably a lot of pissed off users tonight across the network.
ZachPA said:
A prime example of the damage that one bad ad and/or one slow ad delivery server can cause. I wonder how many people downloaded AdFree or AdBlock Plus or added a line into their hosts file tonight all because of a lousy Best Buy ad and a slow server halting progress on the page.
Is there any procedure in place for vetting new ads before they are served to this site? I get that the idea of an ad server is to exist in the background so that publishers can focus on the content, but is there any way to specify formats, types, and other parameters of the ads served here? If NetShelter was serving that Best Buy ad to all its tech publishers, there were probably a lot of pissed off users tonight across the network.
Click to expand...
Click to collapse
Often it's hard to control the adverts you see on a site.
I use ad blockers on a number of sites, but more for giving me a "stripped down" experience on slow loading sites...
There is usually little control over what adverts you show, since it is the ad agency that does the placement of the adverts, and you use code that "includes" whatever advert they choose.
When it comes down to it, if needed, the code can simply be removed, which is what I believe was done in this case.
I have only worked with ad solutions that give me fixed control over the parameters and appearance of the adverts, so I don't know how this one worked.
I use AdBlock Plus and ad blocker add on for Firefox. They work great and block 99% of pop ups.

virus and spyware

I've been trawling through XDA now for some 5 years without any kind of problem.
In the past 5 days my computer has been hit twice with XP SECURITY 2011 Spyware for which I had to wipe my drive and re-install a backup(thank you Acronis )
I' ve also been hit FIVE times with "defender.exe" some kind of Trojan,which my anti-virus TREND dealt with.
Now,I did not click on anything like an advert ,they just appeared and took over ...
Just thought I would report this in case anything can be done about it and to warn others .
malybru said:
I've been trawling through XDA now for some 5 years without any kind of problem.
In the past 5 days my computer has been hit twice with XP SECURITY 2011 Spyware for which I had to wipe my drive and re-install a backup(thank you Acronis )
I' ve also been hit FIVE times with "defender.exe" some kind of Trojan,which my anti-virus TREND dealt with.
Now,I did not click on anything like an advert ,they just appeared and took over ...
Just thought I would report this in case anything can be done about it and to warn others .
Click to expand...
Click to collapse
This doesn't sound like an XDA issue, unless you are downloading files directly from the site (which you didn't mention.)
If your on firefox you can download an addon to block ads and also when I got the rogue anti virus thing I went into safe mode and malwarebytes ate it so you don't have to resort to that option to get that virus off.
waffle_ said:
This doesn't sound like an XDA issue, unless you are downloading files directly from the site (which you didn't mention.)
Click to expand...
Click to collapse
I'm not downloading anything.
I'm not clicking on anything.
I'm just reading through the pages.
i.e. it just happens...
Firefox with addons is the way to go!
Running IE 8 on XP with SP 3
malybru said:
Running IE 8 on XP with SP 3
Click to expand...
Click to collapse
Are you 100% certain that you are fully patched, and not getting this from any other site?
I browse XDA on windows and linux. No attacks here. If any exe was attempting to load, linux would prompt a file download window...
Can you locate the file perhaps in connection or firewall logs?
Also, IE 8 isn't renowned for its high security. Might I suggest Chrome, as its sandboxing is pretty impressive.
If it (The problem) was on XDA, I am sure more people would have seen it, and it would be sorted by now...
pulser_g2 said:
Are you 100% certain that you are fully patched, and not getting this from any other site?
I browse XDA on windows and linux. No attacks here. If any exe was attempting to load, linux would prompt a file download window...
Can you locate the file perhaps in connection or firewall logs?
Also, IE 8 isn't renowned for its high security. Might I suggest Chrome, as its sandboxing is pretty impressive.
If it (The problem) was on XDA, I am sure more people would have seen it, and it would be sorted by now...
Click to expand...
Click to collapse
Hi,
when the attacks occured,I was only browsing these pages.
My anti-virus caught five files which it called "TROJ_FAKEAV.SM10"
As for the spyware,I have no record because I had to wipe my system.It called itself "XP SECURITY 2011".That's the only information I could get ,because it locked me out of my system.
I was not trying to cause trouble by bringing this to people's attention.It was more of a warning,and to see if other people had suffered anything similar.
As for my own security,I bought Webroot Spy Sweeper,and I might just try Google Chrome(thanks for the tip )
malybru said:
Hi,
when the attacks occured,I was only browsing these pages.
My anti-virus caught five files which it called "TROJ_FAKEAV.SM10"
As for the spyware,I have no record because I had to wipe my system.It called itself "XP SECURITY 2011".That's the only information I could get ,because it locked me out of my system.
I was not trying to cause trouble by bringing this to people's attention.It was more of a warning,and to see if other people had suffered anything similar.
As for my own security,I bought Webroot Spy Sweeper,and I might just try Google Chrome(thanks for the tip )
Click to expand...
Click to collapse
This has nothing to do with the XDA site. Switch to Google Chrome (amazing security and fast browsing), or Firefox. Google Chrome has EXTENSIONS that you can install for these certain things.
This can't be an XDA problem. Most likely, it is a IE8 problem and all the **** that comes with it. Switch browsers and then uninstall IE8.
WARNING: * Google Chrome is heavily dependent on IE settings. *
XP Security 2011 is just coming back on its on!!!
Like everyone else says, it's not XDA giving you this issue. The problem is, and will continue to be, you are running an already infected system. Wiping the system clean should get rid of it, but once you restore a backup from Acronis, you are more than likely restoring the infection! The best way to get rid of XP Security 2011 is to run Malwarebytes Antimalware in safe mode. Also run CCleaner while still in safe mode to remove all temporary internet files and TEMP files (which is where a lot of these types of spyware normally hang out). Then once its gone go back to normal mode and download a copy of SUPERAntiSpyware and allow it to give you real-time protection. The problem with XP Security 2011 (and it's previous annual variants) is that it is very resilient (upon reboots, it reinstalls itself if the entire infection is not removed). If all else fails, pay a pro to get rid of the actual infection, install some better protection than Webroot (which thoroughly sucks) and you should be good.
How about google chrome? would it do the job too??
imso said:
How about google chrome? would it do the job too??
Click to expand...
Click to collapse
It should, but having a good (real-time) anti-spyware solution (like MS Security Essentials, AVG, SUPERAntispyware, SpyBot S&D or Malwarebytes) is the best way to HELP prevent spyware infections like that. Also keep a good Antivirus software up to date too (like Norton 360, AVG, Avast, Nod32, Kaspersky or MS Security Essentials). But nowadays over 90% of infections are spyware not viruses!
imso said:
How about google chrome? would it do the job too??
Click to expand...
Click to collapse
Keep in mind Google Chrome still heavily relies on IE settings and config.
willflint said:
It should, but having a good (real-time) anti-spyware solution (like MS Security Essentials, AVG, SUPERAntispyware, SpyBot S&D or Malwarebytes) is the best way to HELP prevent spyware infections like that. Also keep a good Antivirus software up to date too (like Norton 360, AVG, Avast, Nod32, Kaspersky or MS Security Essentials). But nowadays over 90% of infections are spyware not viruses!
Click to expand...
Click to collapse
Hi,
Thanks for the advice.
Can I please ask what is your experience of the programs you mention,and on what basis you are making these suggestions.
I did some research on anti-spyware and webroot came highly recommended.What makes you say that it sucks?
Also I have installed Chrome and Firefox and am alternating between the two. Having said that Webroot has just quarantined a file called "keyloggr for chrome"
Having no luck recently...
malybru said:
Hi,
Thanks for the advice.
Can I please ask what is your experience of the programs you mention,and on what basis you are making these suggestions.
I did some research on anti-spyware and webroot came highly recommended.What makes you say that it sucks?
Also I have installed Chrome and Firefox and am alternating between the two. Having said that Webroot has just quarantined a file called "keyloggr for chrome"
Having no luck recently...
Click to expand...
Click to collapse
Be sure not to install any extensions that aren't highly popular and have a bad review. Also, Webroot isn't exactly accurate and real time, I wouldn't use it.

XDA forums almost unusable with NoScript

Hi - My internet browser is Firefox, and I have been using NoScript for years.
There is only one website that causes me constant problems when browsing: XDA Developers.
I use NoScript constantly with a lot of stuff disabled by default: Everything Facebook is always disabled, along with doubleclick and a bunch of other tracking websites.
With NoScript on, the XDA screen is constantly jumping around, with various websites constantly trying to refresh about twice a second. It is so jumpy with embedded websites continuously refreshing, that I can't even control NoScript well enough to enable whatever disabled website(s) are causing the problem.
I wouldn't be frustrated if this happened to me all the time, but XDA is the only website I see this problem on. I would expect a high-tech developer website like XDA to have less problems instead of more problems.
Sigh. I wish somebody at XDA could fix this.
¿GJ?
NoScript has a whitelist feature. If you don't want to use it, you can't expect it to be "fixed" (actually, modified to fit your needs would be a better choice of words) anytime soon, as the forums (and many other forums, in general) rely rather heavily on scripts.
I personally have XDA added to my whitelist.
As for the refreshes, did you make sure it's not another add-on that's conflicting? Start FF in safe mode and check if the issue persists.
Don't know if this helps, but I just tested XDA with NoScript without any issues.
That being said, a lot of features rely on JavaScript, so no guarantee what would happen if you only turned on some of them.
Huh.. I use NS on FF, and have seen no issues. To be sure it is NS, have you told it to temporarily allow all, and see if that fixes it? It could certainly be another issue..
What he could be speaking of is the portal constant refreshing (not on the forum), which also occurs on my differents computers with NS (with xda on whitelist).
For me, everytime I scroll on the portal main page, it refresh itself.
It's weird - Something changed between yesterday and today. Yesterday, this page wouldn't sit still until I was able to do enough "Temporarily allow all this page" button presses (about 5 or 6) to get the page finally stabilized.
Now, everything was stable when I entered XDA with the same "allow" list I had yesterday.
I'm not a big fan of "White List"ing sites, since so many sites have Facebook embedded in them (amongst many other tracking sites I don't like). Ever since Facebook violated my privacy and sucked up my personal contact information without my explicit approval, I ... ...
... well, let's just say I won't "Like" Facebook.
I appreciate the feedback from y'all, and I wish I knew what changed.
Thanks!
¿GJ?
bitpushr said:
Don't know if this helps, but I just tested XDA with NoScript without any issues.
That being said, a lot of features rely on JavaScript, so no guarantee what would happen if you only turned on some of them.
Click to expand...
Click to collapse
Divine_Madcat said:
Huh.. I use NS on FF, and have seen no issues. To be sure it is NS, have you told it to temporarily allow all, and see if that fixes it? It could certainly be another issue..
Click to expand...
Click to collapse
Some forum features won't work: dropdown menus (e.g. "Go to Page" next to the page numbers, "Quick Links", "Rate thread") search boxes not being cleared automatically when you click them, username/device completion in search boxes or using the new mention feature, share buttons (they won't show how many times X got shared), etc. The WIYIWYG editor obviously doesn't work as well.
The portal's layout is a bit messed up, too.
It's all fixed by adding xda-developers.com to the whitelist. I think you both already have it added (I removed it for testing), which is what you're supposed to do for websites you trust anyway.
---------- Post added at 12:01 PM ---------- Previous post was at 11:53 AM ----------
¿GotJazz? said:
It's weird - Something changed between yesterday and today. Yesterday, this page wouldn't sit still until I was able to do enough "Temporarily allow all this page" button presses (about 5 or 6) to get the page finally stabilized.
Now, everything was stable when I entered XDA with the same "allow" list I had yesterday.
I'm not a big fan of "White List"ing sites, since so many sites have Facebook embedded in them (amongst many other tracking sites I don't like). Ever since Facebook violated my privacy and sucked up my personal contact information without my explicit approval, I ... ...
... well, let's just say I won't "Like" Facebook.
I appreciate the feedback from y'all, and I wish I knew what changed.
Thanks!
¿GJ?
Click to expand...
Click to collapse
I would suggest using something that will block them on all websites, then. You can probably do it using NoScript's advanced filtering options, but I personally already use AdBlock Plus, and there's a neat list you can subscribe to that will block all those buttons. Get the "Annoyance Block List" from here.
¿GotJazz? said:
It's weird - Something changed between yesterday and today. Yesterday, this page wouldn't sit still until I was able to do enough "Temporarily allow all this page" button presses (about 5 or 6) to get the page finally stabilized.
Now, everything was stable when I entered XDA with the same "allow" list I had yesterday.
I'm not a big fan of "White List"ing sites, since so many sites have Facebook embedded in them (amongst many other tracking sites I don't like). Ever since Facebook violated my privacy and sucked up my personal contact information without my explicit approval, I ... ...
... well, let's just say I won't "Like" Facebook.
I appreciate the feedback from y'all, and I wish I knew what changed.
Thanks!
¿GJ?
Click to expand...
Click to collapse
I have the opposite problem it seems, in that if I white-list the site then quite often one of the scripts goes haywire
and refreshes the page repeatedly for several refreshes or until the server complains with an error message about being overloaded.
It has been suggested to me that this may be a 2013 theme problem, so I'm trying the 2010 one for a few days to see if that fixes it.
Nameless One said:
I have the opposite problem it seems, in that if I white-list the site then quite often one of the scripts goes haywire
and refreshes the page repeatedly for several refreshes or until the server complains with an error message about being overloaded.
It has been suggested to me that this may be a 2013 theme problem, so I'm trying the 2010 one for a few days to see if that fixes it.
Click to expand...
Click to collapse
@Nameless One: Yes, I've been seeing the "Server Overloaded" error message as well. I wasn't sure if it was NoScript related, though I was beginning to suspect it. I would open the same XDA pages in IE or Chrome without any problem, but see the "Overloaded" error only with Firefox. Usually (but, not always), temporarily enabling all sites fixed that problem for me.
¿GJ?
I have the same constant refresh problem.
The site only works if I set noscript to allow everything globally or if I use IE (ouch).
It feels to me this site is overburdened with ad/tracking scripts and blocking them forces the site to break (admins anti block?).
I will try the 2010 theme idea and report back, also I do have the main domain whitelisted.
--edit--
2010 theme fixes it, so I guess a 2013 theme issue.
Yep - Dumped the 2013 Theme and went back to 2010 Theme.
Everything's groovy now.
¿GJ?
¿GotJazz? said:
Yep - Dumped the 2013 Theme and went back to 2010 Theme.
Everything's groovy now.
¿GJ?
Click to expand...
Click to collapse
2013 relies heavily on javascript so I imagine that is why you are having some issues. 2010 uses it much less but you may still see some issues relating to Javascript being blocked, such as menus not working and that sort of thing.

heartbleed bug

xda-developers.com is listed as one of the sites affected by the heartbleed bug, but testing tool now shows no vulnerability. A quick search shows no
Why aren't you bragging about patching this bug and how awesome you are at protecting our data?
At the very least, a notice about what's being done to protect xda and how it affects users would be much appreciated.
dstarfire said:
xda-developers.com is listed as one of the sites affected by the heartbleed bug, but testing tool now shows no vulnerability. A quick search shows no
Why aren't you bragging about patching this bug and how awesome you are at protecting our data?
At the very least, a notice about what's being done to protect xda and how it affects users would be much appreciated.
Click to expand...
Click to collapse
I'm curious what site it was listed on?
Just for anyone who is interested...
As soon as the severity of the flaw was clear, we began updating our machines. Some services use pre-built packages and others use custom-compiled software (using the flawed openssl version). We updated all of our services within 30 minutes or so.
The forum.xda-developers.com hostname uses a 3rd party service who was still vulnerable to heartbeat after we patched our internal services. We opened a ticket with them - I'm sure by that point they were aware of the issue and a fix was already in the works. About an hour after that they had patched their services.
This is definitely one of the worst security flaws in the history of the internet - you pretty much have to assume that any communications thought protected by https have been compromised unless there were other protections in addition to SSL.
https://github.com/musalbas/heartbleed-masstest/blob/master/top1000.txt
please patch asap
Isriam said:
https://github.com/musalbas/heartbleed-masstest/blob/master/top1000.txt
please patch asap
Click to expand...
Click to collapse
That list is old... see my statement above.
thats fine, but just so you know that link is posted on front page msn.com under heartbleed headlines.
Isriam said:
thats fine, but just so you know that link is posted on front page msn.com under heartbleed headlines.
Click to expand...
Click to collapse
Sure, but not too much I can do about old information.
The link loriam posted is the one I found xda mentioned on. However, before I posted, I also checked a live testing website that showed xda as safe.
If anybody is interested, the url for that site is filippo.io/Heartbleed/
Unless there is updated information that I was unable to see, your SSL certificate is showing as being from 7 months ago. Shouldn't it be updated since that was part of the information that was vulnerable to Heartbleed?
Are there any plans to replace and revoke the SSL certificates that were on the vulnerable servers? Since there are no logs it is impossible to know if anyone was able to obtain the private key for these certificates, and until revoked xda remains vulnerable to stealth MITM attacks.
wto605 said:
Are there any plans to replace and revoke the SSL certificates that were on the vulnerable servers? Since there are no logs it is impossible to know if anyone was able to obtain the private key for these certificates, and until revoked xda remains vulnerable to stealth MITM attacks.
Click to expand...
Click to collapse
New certs are in process... the CA's are a bit backlogged.
We are vulnerable to stealth MITM attacks only if someone has recorder/intercepted our traffic, and also if someone was able to decode our private key. Of which both are unlikely (but possible). So while we do work to replace our certs, the priority is "hey, we are doing this" and not "hey, let's shut down our ssl services."
bitpushr said:
New certs are in process... the CA's are a bit backlogged.
We are vulnerable to stealth MITM attacks only if someone has recorder/intercepted our traffic, and also if someone was able to decode our private key. Of which both are unlikely (but possible). So while we do work to replace our certs, the priority is "hey, we are doing this" and not "hey, let's shut down our ssl services."
Click to expand...
Click to collapse
I totally agree (and believe me I'm hating this crap as much as I'm sure you guys are)... I just wanted to make sure it was in progress as I'm waiting to change my password until then.
Well, I'm glad that you guys are taking the necessary steps to keep your and your users information safe. I feel bad for whoever would try and hack XDA-Developers, because they would probably receive a huge backlash.
Probably bad enough to melt their computer.
Sent from my dictionary.
Some progress in updating androids vulnerable openssl 1.0.1e ? Heartbleed is disabled (for me) but somehow i imagine unwanted changes like from apps etc
Sent from my GT-I9505 using xda app-developers app
GrammarNazi said:
Well, I'm glad that you guys are taking the necessary steps to keep your and your users information safe. I feel bad for whoever would try and hack XDA-Developers, because they would probably receive a huge backlash.
Probably bad enough to melt their computer.
Sent from my dictionary.
Click to expand...
Click to collapse
We would blow up all mobiles they own. Mwahahahah!
Sent from my HTC Explorer A310e using XDA Premium 4 mobile app
Our new SSL certificates are in place.
Glad to hear were safe. Maybe XDA should force all users to change their passwords?? In the security world it's just better off and safer to assume everything was compromised.
Sent from my Galaxy S4 using Tapatalk
bitpushr said:
Our new SSL certificates are in place.
Click to expand...
Click to collapse
Hi bitpushr,
How to use the secured connection when logging in and/or changing password in this forum? I haven't noticed any ssl connection when logging in and/or changing password from the control panel.
Online test for Heartbleed
There are sites that will test for it.

Categories

Resources