Reply
Thread Tools
Posts: 92 | Thanked: 144 times | Joined on Apr 2014
#11
I'm in full support of your ideas.

When connecting to gmail with MicroB I get the yellow ssl notification bar 'gmail.com verified by (null)'

(null) doesn't sound very secure.
Would be great to update the certificates..
 

The Following User Says Thank You to Dongle Fongle For This Useful Post:
pichlo's Avatar
Posts: 6,447 | Thanked: 20,981 times | Joined on Sep 2012 @ UK
#12
Originally Posted by Dongle Fongle View Post
When connecting to gmail with MicroB I get the yellow ssl notification bar 'gmail.com verified by (null)'

(null) doesn't sound very secure.
As far as I am concerned, 'gmail.com' doesn't sound very secure
 

The Following 5 Users Say Thank You to pichlo For This Useful Post:
Posts: 92 | Thanked: 144 times | Joined on Apr 2014
#13
Not my preferred provider either, only for a few things.
My private mail is on a proper privacy friendly provider

Also still compatible with the built in email client.
G-m does not work due to supposedly outdated client, hence MicroB.

Disregarding privacy, the G-m seem to have their security protocols quite top notch.

In any case, replacing certificates where needed and other security updates would be more than helpful if we are able to achieve 2015/16 security standards.

Last edited by Dongle Fongle; 2015-11-04 at 16:26.
 

The Following 4 Users Say Thank You to Dongle Fongle For This Useful Post:
Posts: 2,076 | Thanked: 3,268 times | Joined on Feb 2011
#14
This would mean updating the whole system, no?
Critical glibc bugs:
https://rhn.redhat.com/errata/RHSA-2015-0090.html
https://rhn.redhat.com/errata/RHSA-2015-0092.html
...
Last time ppl tried using latest libc/glibc builds from debian random apps would break (calendar etc)
 

The Following 2 Users Say Thank You to szopin For This Useful Post:
Posts: 23 | Thanked: 69 times | Joined on Nov 2014
#15
Originally Posted by szopin View Post
This would mean updating the whole system, no?
Critical glibc bugs:
https://rhn.redhat.com/errata/RHSA-2015-0090.html
https://rhn.redhat.com/errata/RHSA-2015-0092.html
...
Last time ppl tried using latest libc/glibc builds from debian random apps would break (calendar etc)
If you're referring to the so-called GHOST glibc bug (https://www.redhat.com/security/data...2015-0235.html), it has been patched in cssu-testing:
http://wiki.maemo.org/Community_SSU/Changelog#Tmaemo11

I guess this one should go in next cssu-stable if nobody reported any issue (?).
But others security issues might still be hiding in our not-so-young glibc, and it looks like we're still forced to backport patches instead of upgrading.
 

The Following 7 Users Say Thank You to bencoh For This Useful Post:
Posts: 2,076 | Thanked: 3,268 times | Joined on Feb 2011
#16
Yeah, forgive maritime metaphor, but it's like patching the sails when the boat is leaking
 

The Following 2 Users Say Thank You to szopin For This Useful Post:
Posts: 92 | Thanked: 144 times | Joined on Apr 2014
#17
as said in Deus Ex Human Revolution:

"You don't fix an entire firewall, you find the loophole and plug it."

Many loopholes..luckily we are on dry land?
 

The Following 2 Users Say Thank You to Dongle Fongle For This Useful Post:
Community Council | Posts: 685 | Thanked: 1,234 times | Joined on Sep 2010 @ Mbabane
#18
Originally Posted by Dongle Fongle View Post
G-m does not work due to supposedly outdated client, hence MicroB.
Slightly OT, but Gmail definitely works on N900 for many of us. Check your configs. Hoping you're on CSSU as well.
 

The Following 3 Users Say Thank You to sicelo For This Useful Post:
Posts: 92 | Thanked: 144 times | Joined on Apr 2014
#19
Originally Posted by sicelo View Post
Slightly OT, but Gmail definitely works on N900 for many of us. Check your configs. Hoping you're on CSSU as well.
Yes, I'm on CSSU. Correct, I checked my security settings at gmail, having 'access restricted from apps with weaker security', it won't work in the N900s mail client.

I prefer not to potentially compromise security in favour of ease of use. The N900 is a mighty beast, however can it stay safe by updating security protocols and removing outdated ones?
 

The Following User Says Thank You to Dongle Fongle For This Useful Post:
Posts: 567 | Thanked: 2,965 times | Joined on Oct 2009
#20
To improve security on the N900 for web browsing, we need to do 2 things. First we need to make sure the root certificate store is up-to-date (CSSU has it in maemo-security-certman repo so we need to update it there if there is anything that needs doing to that repo) and secondly we need to upgrade/fix/improve nss inside microb-engine (and make the relavent changes to microb-engine as well). Its definatly possible in that all the relavent bits are 100% FOSS, it just needs someone that understands Gecko, NSS and microb-engine who can do the work
 

The Following 7 Users Say Thank You to jonwil For This Useful Post:
Reply

Tags
fremantle, microb

Thread Tools

 
Forum Jump


All times are GMT. The time now is 16:20.