Thijs Alkemade
2014-04-18 20:39:21 UTC
Hello all,
- First of all, heartbleed: Our webservers were still using OpenSSL 0.9.8, so
were unaffected. The Prosody XMPP server for adium.im however was using a
vulnerable version of OpenSSL. Just to be sure, I?ve generated a new
certificate and revoked the old one. The SHA1 fingerprint of the new
certificate is B6:5A:EB:C8:40:62:0B:13:46:3C:29:4D:9B:B8:01:31:59:CC:FB:8A.
(And for the record, Adium itself is not vulnerable to reverse heartbleed:
Adium uses CDSA, which used to use OpenSSL internally, but Apple never shipped
an OpenSSL version newer than 0.9.8.)
- We?ve been dealing with quite a bit more spam on trac lately. I?ve updated
the TracSpamFilter plugin and installed the dependencies for its Bayesian
learning plugin, so hopefully it?ll improve itself. If spam still makes it
through, people with appropriate admin powers can manage it here:
https://trac.adium.im/admin/spamfilter/monitor. See also the BadContent
wikipage which assigns penalties to certain words, and the BadIP page that can
be used to completely block the spammer?s IP address.
- Because I felt like reading a lot more spam today (well, not really), I went
through the pending posts to this list by non-members. Among the thousands of
spam messages I found only two clearly non-spam ones, which I?ve let through
(only 6 months late, though?)
Thijs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://adium.im/pipermail/devel_adium.im/attachments/20140418/4e92a728/attachment.bin>
- First of all, heartbleed: Our webservers were still using OpenSSL 0.9.8, so
were unaffected. The Prosody XMPP server for adium.im however was using a
vulnerable version of OpenSSL. Just to be sure, I?ve generated a new
certificate and revoked the old one. The SHA1 fingerprint of the new
certificate is B6:5A:EB:C8:40:62:0B:13:46:3C:29:4D:9B:B8:01:31:59:CC:FB:8A.
(And for the record, Adium itself is not vulnerable to reverse heartbleed:
Adium uses CDSA, which used to use OpenSSL internally, but Apple never shipped
an OpenSSL version newer than 0.9.8.)
- We?ve been dealing with quite a bit more spam on trac lately. I?ve updated
the TracSpamFilter plugin and installed the dependencies for its Bayesian
learning plugin, so hopefully it?ll improve itself. If spam still makes it
through, people with appropriate admin powers can manage it here:
https://trac.adium.im/admin/spamfilter/monitor. See also the BadContent
wikipage which assigns penalties to certain words, and the BadIP page that can
be used to completely block the spammer?s IP address.
- Because I felt like reading a lot more spam today (well, not really), I went
through the pending posts to this list by non-members. Among the thousands of
spam messages I found only two clearly non-spam ones, which I?ve let through
(only 6 months late, though?)
Thijs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://adium.im/pipermail/devel_adium.im/attachments/20140418/4e92a728/attachment.bin>