Hello, Sorry for duplicating my post here. I think it is related to security, so it worth to let people know as soon as possible, please forgive me for my double post. I asked on libreoffice-user irc by got no replay, so I post here. Thanks for any help!
Here is my original post to [email protected]: === Hello, Sorry to post a off-topic question here, but I think it worth to do it. Please forgive me if I made any stupid mistake. Half an hour ago I try to register a new account on https://wiki.documentfoundation.org , below is what happens: 1. I opened https://wiki.documentfoundation.org with chromium (18.0.1025.168 Ubuntu 11.10) Chromium' url bar told me: " https://wiki.documentfoundation.org is verified by StartCom Class 2 Primary Intermediate Server CA " and showed a green lock at the left of the url bar. 2. Then I opened https://wiki.documentfoundation.org/index.php?title=Special:UserLogin&action=submitlogin&type=signup The green lock changed with a red "X", and chromium told me: "However, this page includes other resources which are not secure." 3. I didn't care about the warning to much, just type username, password and so on. 4. Finally I clicked on the "Submit" button, however, nothing happens. I thought it was a temporary network connection issue, so I clicked the "Submit" button again and again. However, nothing happen still. 5. I open the developer's tool of Chromium, looking at the console, and found the below errors: --- snip --- Failed to load resource https://challenge.asirra.com/cgi/Asirra?action=ScoreResponse&sessionId=undefined&response=undefinedundefinedundefinedundefinedundefinedundefinedundefinedundefinedundefinedundefinedundefinedundefined&rand=0.827300843084231 https://challenge.asirra.com/images/border5.gifFailed to load resource https://challenge.asirra.com/images/hip_help.gifFailed to load resource https://challenge.asirra.com/images/hip_reload.gifFailed to load resource --- snip --- 6. I directly open https://challenge.asirra.com , then it jump to: http://research.microsoft.com/en-us/um/redmond/projects/asirra/ So I guess there is a man-in-the-middle attacking!!! Here is some other information: $ cat /etc/resolv.conf # Generated by NetworkManager nameserver 8.8.8.8 nameserver 4.2.2.1 $ mtr 8.8.8.8 eys: Help Display mode Restart statistics Order of fields quit Packets Pings Host Loss% Snt Last Avg Best Wrst StDev 1. 180.88.16.1 11.1% 9 3.5 4.8 2.3 17.2 5.0 2. 180.88.16.1 11.1% 9 12.5 5.1 2.7 12.5 3.6 3. ??? 4. 172.16.253.190 0.0% 8 2.2 4.1 2.2 9.1 2.4 5. 172.16.253.174 0.0% 8 2.5 3.9 2.5 5.6 1.2 6. ??? (there is no more routers showed) The html source saved from libreoffice new account page: http://paste.ubuntu.com/1151609/ Javascript source code from http://challenge.asirra.com/js/AsirraClientSide.js http://paste.ubuntu.com/1151612/ ( http://challenge.asirra.com/js/AsirraClientSide.js is found from https://wiki.documentfoundation.org/index.php?title=Special:UserLogin&action=submitlogin&type=signup ) Content of https://challenge.asirra.com/cgi/Asirra?action=ScoreResponse&sessionId=undefined&response=undefinedundefinedundefinedundefinedundefinedundefinedundefinedundefinedundefinedundefinedundefinedundefined&rand=0.827300843084231 (Got this URL from the console output regarding "Failed to load resource" in step 5) http://paste.ubuntu.com/1151615/ The above are what I know at this time, I'm not very sure happens. I need your helps: 1. Could someone confirm whether the register new account page of libreoffice wiki work for you? 2. Could someone help to figure out if the libreoffice website itself is attacked, or if I got attached? I just want to create a new account and add some fonts to the font wish list, so sadly can't create an account at all... Thanks in advance! === -- Regards, Qian Hong - Sent from Ubuntu http://www.ubuntu.com/ -- Unsubscribe instructions: E-mail to [email protected] Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.libreoffice.org/global/website/ All messages sent to this list will be publicly archived and cannot be deleted
