openpacket-devel Mailing List for OpenPacket Tools (Page 2)
Brought to you by:
crazy_j,
taosecurity
Menu
▾
▴
openpacket-devel — OpenPacket development list
This list is closed, nobody may subscribe to it.
| 2006 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
(25) |
Aug
(29) |
Sep
(6) |
Oct
(4) |
Nov
|
Dec
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2007 |
Jan
(4) |
Feb
|
Mar
(8) |
Apr
|
May
|
Jun
|
Jul
(1) |
Aug
(2) |
Sep
(3) |
Oct
(27) |
Nov
(3) |
Dec
(1) |
| 2008 |
Jan
(19) |
Feb
(16) |
Mar
(4) |
Apr
(8) |
May
(3) |
Jun
(15) |
Jul
(10) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2009 |
Jan
(5) |
Feb
|
Mar
(1) |
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Aaron T. <syn...@gm...> - 2008-06-03 22:23:34
|
On Wed, May 21, 2008 at 11:29 AM, Aaron Turner <syn...@gm...> wrote: > Any plans to open up the source code available so other people can > contribute patches? Maybe make the host SVN repo or whatever globally > read-only? Anyone? Anyone? Buller? -- Aaron Turner http://synfin.net/ http://tcpreplay.synfin.net/ - Pcap editing & replay tools for Unix They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin |
|
From: David J. B. <da...@vo...> - 2008-06-02 13:16:43
|
I just uploaded some torrent files to OpenPacket. One is the Shmoocon 2007 torrent that has been up on the tracker for a while now. There are also three new torrents for packet captures from Defcon 8, 9 and 11. The Defcon 12 torrent is having a few issues, which I hope to have ironed out soon. I did these as torrents because the packet captures are very large. I think the smallest is about 5GB. I uploaded them the same way I would upload a PCAP file, and they're all tagged as "torrent". However, the data contained in these captures doesn't really fall easily into the standard "Normal/Suspicious/Malicious" category we use in OP. I would like to request a new category, just for torrents. This should make it easier for people who need to find large captures to use as a corpus of test data or something. For something slightly more difficult, it'd be kinda nice to embed the tracker stats for each torrent inside the OP interface. For example, before you download the torrent, it could show you the current # of seeds and peers. This is kind of standard on web sites that host torrents. I think we're going to collect more and more large captures via bittorrent in the future, so some basic support inside OP would be great. Oh, and please seed these! I'm the only one seeding the Defcon captures right now. Looks like I might need a new HD just to store these on at some point. David |
|
From: Aaron T. <syn...@gm...> - 2008-05-21 18:29:48
|
Any plans to open up the source code available so other people can contribute patches? Maybe make the host SVN repo or whatever globally read-only? -- Aaron Turner http://synfin.net/ http://tcpreplay.synfin.net/ - Pcap editing & replay tools for Unix They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin |
|
From: Richard B. <tao...@gm...> - 2008-05-20 13:37:12
|
On Mon, May 19, 2008 at 11:36 PM, Aaron Turner <syn...@gm...> wrote: > So I was thinking... what about allowing people to associate arbitrary > files with pcaps? Well maybe not just any arbitrary file... not sure > what the value of that is, but I'd definitely would be interested in > providing tcpprep cache files for each of the captures. > > What's a tcpprep cache file you ask? > > It's a small file (a fraction of the actual pcap file size) which > tells tcpreplay which packets are sent by a server and which are sent > by a client. Using this information, tcpreplay is able to split > traffic in a pcap file between two interfaces in order to test an > inline device like a firewall, router or IPS. > > If this is something Richard approves and Sharri implements I'd be > willing to provide tcpprep cache files for all of the existing pcaps. > Hi Aaron, I think this is a good idea. Users will probably be fairly creative. We can have the moderators check the file to ensure it's not something disagreeable. Would you mind filing a feature request at http://sourceforge.net/tracker/?group_id=148106&atid=770565 ? Thank you, Richard |
|
From: Aaron T. <syn...@gm...> - 2008-05-20 03:36:18
|
So I was thinking... what about allowing people to associate arbitrary files with pcaps? Well maybe not just any arbitrary file... not sure what the value of that is, but I'd definitely would be interested in providing tcpprep cache files for each of the captures. What's a tcpprep cache file you ask? It's a small file (a fraction of the actual pcap file size) which tells tcpreplay which packets are sent by a server and which are sent by a client. Using this information, tcpreplay is able to split traffic in a pcap file between two interfaces in order to test an inline device like a firewall, router or IPS. If this is something Richard approves and Sharri implements I'd be willing to provide tcpprep cache files for all of the existing pcaps. -- Aaron Turner http://synfin.net/ http://tcpreplay.synfin.net/ - Pcap editing & replay tools for Unix They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin |
|
From: JJ C. <cum...@gm...> - 2008-04-09 15:10:45
|
Hello again all, I just wanted to post a quick update and let everyone know that we have addressed many issues that were recently reported and are also looking into a bug reporting / feature request tracking interface that we will be letting everyone know about when apt. One of the updates that will be immediately visible is the addition of a validly signed certificate and the redirect from http to http_*s*_. Thank you for your support and feedback thus far! Cheers, JJC |
|
From: Richard B. <tao...@gm...> - 2008-04-08 12:47:12
|
Jan, Thank you for the bug report. Sharri, would you mind taking a look at this? And do you have any preferences or ideas for bug and feature tracking? Sincerely, Richard On Mon, Apr 7, 2008 at 1:27 AM, Jan Ruzicka <ruz...@gm...> wrote: > Hi > > I'm not sure where to post a bug report. > I have downloaded a capture file, but the count did not go up. > > Steps: > 1) logged in > 2) selected the list http://www.openpacket.org/capture/list > 3) clicked on the "MessengerProtocol.pcap" > 4) clicked on save in browser dialog for saving a file > 5) clicked on details > [http://www.openpacket.org/capture/show/3] > > result: > Number of downloads: 0 > > expected result: > Number of downloads higher then 0 and incremented > from number previously seen on details section > > Sincerely > Jan Ruzicka > |
|
From: Richard B. <tao...@gm...> - 2008-04-08 12:44:18
|
Hi Aaron, answers inline: On Fri, Apr 4, 2008 at 6:42 PM, Aaron Turner <syn...@gm...> wrote: > 1. Clicking on a userid when reading a message in a thread redirects > you to your own profile, not the profile of the userid you clicked on > Sharri, can you fix this? > 2. I see https is enabled (only because I read so in the forums), but > the login form links don't use it. > HTTPS is a disappointment. I went through the process of getting a free cert from GoDaddy (thought it would be a good deal) only to find out it's essentially self-signed. Still, Sharri, can you add HTTPS to the login process? > 3. Not so much a "bug", but the website is rather slow... slow enough > that it gets a bit frustrating. The main page can take over 7sec to > load. > JJ is looking at this. It seems quick enough to me, but I sit behind a Squid proxy. > 4. Having the pcap file size and a SHA1 digest available for each > download would be nice. > Sharri, can you add file size and md5, sha1, and sha256 hashes to the details page for each trace? > 5. All the dates/times are accurate to seconds, but don't say what > timezone you're talking about. > Sharri, can you add a time zone to the date and time on the details page? For example: Submitted by: stretch on 2008-02-26 08:49:53 > 6. I downloaded bittorrent_Azureus_handshake_and_request.pcap. > There's no 3way handshake. Would be nice if such malformed/incomplete > pcap's were marked. > I think this is up to the submitter and the moderators, but I don't think the moderators will have time to note these sorts of issues. I recommend someone who downloads it then add an item on the discussion page. > 7. There's no discuss link on the pcap details page (or it's > sufficiently hidden I don't see it) > Sharri, can you add a Discuss link to the Details page for each capture? > -- > Aaron Turner Thanks Aaron, Sharri, and JJ, Richard |
|
From: Aaron T. <syn...@gm...> - 2008-04-04 22:42:11
|
1. Clicking on a userid when reading a message in a thread redirects you to your own profile, not the profile of the userid you clicked on 2. I see https is enabled (only because I read so in the forums), but the login form links don't use it. 3. Not so much a "bug", but the website is rather slow... slow enough that it gets a bit frustrating. The main page can take over 7sec to load. 4. Having the pcap file size and a SHA1 digest available for each download would be nice. 5. All the dates/times are accurate to seconds, but don't say what timezone you're talking about. 6. I downloaded bittorrent_Azureus_handshake_and_request.pcap. There's no 3way handshake. Would be nice if such malformed/incomplete pcap's were marked. 7. There's no discuss link on the pcap details page (or it's sufficiently hidden I don't see it) -- Aaron Turner http://synfin.net/ http://tcpreplay.synfin.net/ - Pcap editing & replay tools for Unix They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin |
|
From: Richard B. <tao...@gm...> - 2008-04-03 00:20:26
|
On Wed, Apr 2, 2008 at 3:01 PM, Jeremy Stretch <st...@pa...> wrote: > It's been interesting watching the site grow and change over the past few > months. Congrats on making it to production! > > Have you considered integrating with the Wireshark or other communities in > some manner? I think at least a link from their wiki's capture page > (http://wiki.wireshark.org/SampleCaptures) under "Other Sources" would be > worthwhile. > > I'll do my part to help spread the word now that OP is live. =) > > stretch > Hello, We're not live until we get a few other items ironed out... during testing we found a few bugs that prevent Moderators from approving traces, so once Sharri fixes those I'll post an announcement. Thank you, Richard |
|
From: Jeremy S. <st...@pa...> - 2008-04-02 20:00:01
|
It's been interesting watching the site grow and change over the past few months. Congrats on making it to production! Have you considered integrating with the Wireshark or other communities in some manner? I think at least a link from their wiki's capture page (http://wiki.wireshark.org/SampleCaptures) under "Other Sources" would be worthwhile. I'll do my part to help spread the word now that OP is live. =) stretch Richard Bejtlich wrote: > Hello everyone, > > I think we're almost ready to go live. I asked Sharri to take a look > at the ability to remove traces once published, and a few other minor > items. Assuming she can make those changes, I'd like to post word of > OpenPacket.org on the TaoSecurity Blog on Wednesday 2 April. > > If you have any final testing you'd like to do, please do so before we > go "live." > > OpenPacket.org is available at http://www.openpacket.org. > > Thank you, > > Richard > > ------------------------------------------------------------------------- > Check out the new SourceForge.net Marketplace. > It's the best place to buy or sell services for > just about anything Open Source. > http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace > _______________________________________________ > Openpacket-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openpacket-devel > |
|
From: Nathaniel R. <nat...@ri...> - 2008-04-01 14:06:14
|
When you install Wireshark on Windows, there is a box checked by default that associates the following extensions with Wireshark. It does include the pcap extension: 5vw, acp, apc, atc, bfr, cap, enc, erf, fdc, pcap, pkt, snoop, syc, tpc, tr1, trace, trc, wpc, wpz, rf5 Nate Leon Ward wrote: > Not a Windows guy myself, does anyone know what file extensions are linked to wireshark automatically (if any) in the win32 installer? We should stick to whatever that is to lower the risk of confusing newbies. > > I also see/use .pcap most frequently, followed by .cap > > -Leon > > On 30 Mar 2008, at 16:51, CS Lee wrote: > >> Hi Rich, >> >> I know you prefer to use lpc extension for pcap file, can we have the standard extension. Basically I prefer .pcap as it is >> suggested >> by LBL. This is not big deal but I always prefer same type of >> file >> with same extension. I have seen most of the pcap files that are submitted using .pcap extension as well. >> >> Thanks. >> >> On Sun, Mar 30, 2008 at 9:47 AM, Richard Bejtlich >> <tao...@gm... >> > wrote: >> Hello everyone, >> >> I think we're almost ready to go live. I asked Sharri to take a look >> at the ability to remove traces once published, and a few other minor >> items. Assuming she can make those changes, I'd like to post word of >> OpenPacket.org on the TaoSecurity Blog on Wednesday 2 April. >> >> If you have any final testing you'd like to do, please do so >> before we >> go "live." >> >> OpenPacket.org is available at http://www.openpacket.org. >> >> Thank you, >> >> Richard >> >> ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. >> It's the best place to buy or sell services for >> just about anything Open Source. >> http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace _______________________________________________ >> Openpacket-devel mailing list >> Ope...@li... >> https://lists.sourceforge.net/lists/listinfo/openpacket-devel >> >> >> >> -- >> Best Regards, >> >> CS Lee<geek00L[at]gmail.com> >> >> http://geek00l.blogspot.com >> ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. >> It's the best place to buy or sell services for >> just about anything Open Source. >> http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace_______________________________________________ Openpacket-devel mailing list >> Ope...@li... >> https://lists.sourceforge.net/lists/listinfo/openpacket-devel > > ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. > It's the best place to buy or sell services for > just about anything Open Source. > http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace_______________________________________________ Openpacket-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openpacket-devel > |
|
From: Richard B. <tao...@gm...> - 2008-03-30 18:19:00
|
Sure, I'll use .pcap. I don't mind whatever people upload though. Richard On Sun, Mar 30, 2008 at 1:28 PM, Leon Ward <leo...@so...> wrote: > Not a Windows guy myself, does anyone know what file extensions are linked > to wireshark automatically (if any) in the win32 installer? > We should stick to whatever that is to lower the risk of confusing newbies. > > I also see/use .pcap most frequently, followed by .cap > > -Leon > > > > On 30 Mar 2008, at 16:51, CS Lee wrote: > > > Hi Rich, > > I know you prefer to use lpc extension for pcap file, can we have the > standard extension. Basically I prefer .pcap as it is suggested by LBL. This > is not big deal but I always prefer same type of file with same extension. > I have seen most of the pcap files that are submitted using .pcap extension > as well. > > Thanks. > > On Sun, Mar 30, 2008 at 9:47 AM, Richard Bejtlich <tao...@gm...> > wrote: > > Hello everyone, > > > > I think we're almost ready to go live. I asked Sharri to take a look > > at the ability to remove traces once published, and a few other minor > > items. Assuming she can make those changes, I'd like to post word of > > OpenPacket.org on the TaoSecurity Blog on Wednesday 2 April. > > > > If you have any final testing you'd like to do, please do so before we > > go "live." > > > > OpenPacket.org is available at http://www.openpacket.org. > > > > Thank you, > > > > Richard > > > > ------------------------------------------------------------------------- > > Check out the new SourceForge.net Marketplace. > > It's the best place to buy or sell services for > > just about anything Open Source. > > > http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace > > _______________________________________________ > > Openpacket-devel mailing list > > Ope...@li... > > https://lists.sourceforge.net/lists/listinfo/openpacket-devel > > > > > > -- > Best Regards, > > CS Lee<geek00L[at]gmail.com> > > http://geek00l.blogspot.com > ------------------------------------------------------------------------- > > Check out the new SourceForge.net Marketplace. > It's the best place to buy or sell services for > just about anything Open Source. > http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace_______________________________________________ > Openpacket-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openpacket-devel > > |
|
From: Leon W. <leo...@so...> - 2008-03-30 17:28:25
|
Not a Windows guy myself, does anyone know what file extensions are linked to wireshark automatically (if any) in the win32 installer? We should stick to whatever that is to lower the risk of confusing newbies. I also see/use .pcap most frequently, followed by .cap -Leon On 30 Mar 2008, at 16:51, CS Lee wrote: > Hi Rich, > > I know you prefer to use lpc extension for pcap file, can we have > the standard extension. Basically I prefer .pcap as it is suggested > by LBL. This is not big deal but I always prefer same type of file > with same extension. I have seen most of the pcap files that are > submitted using .pcap extension as well. > > Thanks. > > On Sun, Mar 30, 2008 at 9:47 AM, Richard Bejtlich <tao...@gm... > > wrote: > Hello everyone, > > I think we're almost ready to go live. I asked Sharri to take a look > at the ability to remove traces once published, and a few other minor > items. Assuming she can make those changes, I'd like to post word of > OpenPacket.org on the TaoSecurity Blog on Wednesday 2 April. > > If you have any final testing you'd like to do, please do so before we > go "live." > > OpenPacket.org is available at http://www.openpacket.org. > > Thank you, > > Richard > > ------------------------------------------------------------------------- > Check out the new SourceForge.net Marketplace. > It's the best place to buy or sell services for > just about anything Open Source. > http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace > _______________________________________________ > Openpacket-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openpacket-devel > > > > -- > Best Regards, > > CS Lee<geek00L[at]gmail.com> > > http://geek00l.blogspot.com > ------------------------------------------------------------------------- > Check out the new SourceForge.net Marketplace. > It's the best place to buy or sell services for > just about anything Open Source. > http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace_______________________________________________ > Openpacket-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openpacket-devel |
|
From: CS L. <ge...@gm...> - 2008-03-30 15:52:16
|
Hi Rich, I know you prefer to use lpc extension for pcap file, can we have the standard extension. Basically I prefer .pcap as it is suggested by LBL. This is not big deal but I always prefer same type of file with same extension. I have seen most of the pcap files that are submitted using .pcap extension as well. Thanks. On Sun, Mar 30, 2008 at 9:47 AM, Richard Bejtlich <tao...@gm...> wrote: > Hello everyone, > > I think we're almost ready to go live. I asked Sharri to take a look > at the ability to remove traces once published, and a few other minor > items. Assuming she can make those changes, I'd like to post word of > OpenPacket.org on the TaoSecurity Blog on Wednesday 2 April. > > If you have any final testing you'd like to do, please do so before we > go "live." > > OpenPacket.org is available at http://www.openpacket.org. > > Thank you, > > Richard > > ------------------------------------------------------------------------- > Check out the new SourceForge.net Marketplace. > It's the best place to buy or sell services for > just about anything Open Source. > > http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace > _______________________________________________ > Openpacket-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openpacket-devel > -- Best Regards, CS Lee<geek00L[at]gmail.com> http://geek00l.blogspot.com |
|
From: Richard B. <tao...@gm...> - 2008-03-30 01:47:43
|
Hello everyone, I think we're almost ready to go live. I asked Sharri to take a look at the ability to remove traces once published, and a few other minor items. Assuming she can make those changes, I'd like to post word of OpenPacket.org on the TaoSecurity Blog on Wednesday 2 April. If you have any final testing you'd like to do, please do so before we go "live." OpenPacket.org is available at http://www.openpacket.org. Thank you, Richard |
|
From: David J. B. <da...@vo...> - 2008-02-28 13:46:17
|
Another thought I had (unfortunately, about 30 seconds after sending my previous message). When you see a user's name somewhere on the site, maybe in a forum posting or as a submitter of a trace, it'd be nice to have a little icon or something next to it to show what type of user they are. Especially in the forums, when participating in a conversation, this info could be important in putting a user's comments into context. David |
|
From: David J. B. <da...@vo...> - 2008-02-28 13:40:54
|
I was playing with the moderation features a bit, approving a sample capture. I noticed that when you ask for details on an approved sample, you get the submitter's name and time of submission, but nothing about the moderator who approved it, or when. I suggest that we make sure this information is tracked for auditing purposes, and also displayed to the users. After all, part of the deal with OP is that it is moderated, so it'd be nice to let people know which moderator approved the sample. Also, it's possible that the same sample could be approved/unapproved several times, so it'd be nice to have a link on the details page that you could click to get the entire history of who did what when. I'd also like to suggest the possibility of adding moderator comments, which would be separate from the comments included by the submitter. These would be very handy, especially when unapproving a trace for some reason, but would also allow moderators to include additional details clarifying the contents of the trace files. David |
|
From: Jeremy S. <st...@pa...> - 2008-02-26 15:02:52
|
The site looks great! I like the AJAX voting utility, very slick. A couple issues I noticed: - Registration works okay, but at the end when the user is required to provide a password, both fields are prepopulated with the string "size20" (masked by asterisks, of course). Not sure if this was meant to be a dynamically generated unique password, but it's never displayed to the user in the clear. - The E-mail bbcode tag doesn't shield against address harvesters. Recommend character substitution to disguise the format. - Consider adding explicit guidance for separating keywords when uploading a capture (are we supposed to use spaces or commas?) - Captures are accessible before being cleared by a moderator (link is on the uploader's profile page under "My Uploads") stretch Richard Bejtlich wrote: > Hello everyone, > > Sharri has been working again on OpenPacket.org, and JJ moved the > system to a production box reachable at www.openpacket.org. > > Would those of you with some time please take another look at the site? > > Thank you, > > Richard > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2008. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > _______________________________________________ > Openpacket-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openpacket-devel > > |
|
From: Keith K. <kun...@gm...> - 2008-02-26 12:51:59
|
looks good, but I still see the double directory link problem if you go to http://www.openpacket.org/pages/about the about link on that page is http://www.openpacket.org/pages/pages/about not a big deal, but still causes an error. I was able to register this time :-D. -k On Mon, Feb 25, 2008 at 10:19 PM, John Curry <joh...@me...> wrote: > I really like the added features. Great work! > I noticed you only get one chance to click to vote. Can you recast your > vote? > > Thank you, > > -John > > > Richard Bejtlich wrote: > > Hello everyone, > > > > Sharri has been working again on OpenPacket.org, and JJ moved the > > system to a production box reachable at www.openpacket.org. > > > > Would those of you with some time please take another look at the site? > > > > Thank you, > > > > Richard > > > > > ------------------------------------------------------------------------- > > This SF.net email is sponsored by: Microsoft > > Defy all challenges. Microsoft(R) Visual Studio 2008. > > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > > _______________________________________________ > > Openpacket-devel mailing list > > Ope...@li... > > https://lists.sourceforge.net/lists/listinfo/openpacket-devel > > > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2008. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > _______________________________________________ > Openpacket-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openpacket-devel > |
|
From: David J. B. <da...@vo...> - 2008-02-26 03:45:36
|
If you don't get that, maybe try StartSSL (www.startssl.com). Free web certs for pretty much anyone. Some of the browsers might not have the CA cert already loaded, but if you can deal with that, you can't beat the price. David Richard Bejtlich wrote: > On Mon, Feb 25, 2008 at 9:53 PM, James Pleger <jp...@gm...> wrote: >> Might be worth mentioning: >> >> Godaddy provides free SSL certs to certain open source projects. I am not >> sure what the requirements are, but it might be worth looking into to save a >> few dollars :P >> >> https://www.godaddy.com/gdshop/ssl/ssl_opensource.asp?se=%2B >> > > James, > > Great idea! I just applied for one. > > Thank you, > > Richard > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2008. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > _______________________________________________ > Openpacket-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openpacket-devel |
|
From: John C. <joh...@me...> - 2008-02-26 03:19:17
|
I really like the added features. Great work! I noticed you only get one chance to click to vote. Can you recast your vote? Thank you, -John Richard Bejtlich wrote: > Hello everyone, > > Sharri has been working again on OpenPacket.org, and JJ moved the > system to a production box reachable at www.openpacket.org. > > Would those of you with some time please take another look at the site? > > Thank you, > > Richard > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2008. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > _______________________________________________ > Openpacket-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openpacket-devel > |
|
From: Richard B. <tao...@gm...> - 2008-02-26 02:59:14
|
On Mon, Feb 25, 2008 at 9:53 PM, James Pleger <jp...@gm...> wrote: > Might be worth mentioning: > > Godaddy provides free SSL certs to certain open source projects. I am not > sure what the requirements are, but it might be worth looking into to save a > few dollars :P > > https://www.godaddy.com/gdshop/ssl/ssl_opensource.asp?se=%2B > James, Great idea! I just applied for one. Thank you, Richard |
|
From: Richard B. <tao...@gm...> - 2008-02-26 02:49:28
|
On Mon, Feb 25, 2008 at 9:48 PM, James Pleger <jp...@gm...> wrote: > One thing that I might suggest is to put this on https rather than http so > you don't have to worry about any clients behind ips getting messed with :) > > Another thing that I noticed was that profile pages can be edited to include > javascript, and can be used to xss someone: > http://www.openpacket.org/profile/public_profile?userid=jpleger > > Errors out with 500 if the user doesn't exist when trying to reset password: > http://www.openpacket.org/profile/forgot_password > Thanks James. JJ just mentioned we need to buy a SSL cert. That could be our first donation. Richard |
|
From: James P. <jp...@gm...> - 2008-02-26 02:48:09
|
One thing that I might suggest is to put this on https rather than http so you don't have to worry about any clients behind ips getting messed with :) Another thing that I noticed was that profile pages can be edited to include javascript, and can be used to xss someone: http://www.openpacket.org/profile/public_profile?userid=jpleger Errors out with 500 if the user doesn't exist when trying to reset password: http://www.openpacket.org/profile/forgot_password On Mon, Feb 25, 2008 at 7:33 PM, Richard Bejtlich <tao...@gm...> wrote: > Hello everyone, > > Sharri has been working again on OpenPacket.org, and JJ moved the > system to a production box reachable at www.openpacket.org. > > Would those of you with some time please take another look at the site? > > Thank you, > > Richard > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2008. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > _______________________________________________ > Openpacket-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openpacket-devel > |
6 messages has been excluded from this view by a project administrator.
