Jump to content

Let's Encrypt!


Recommended Posts

This is regarding dotpdn.com. At a minimum, this page http://www.dotpdn.com/downloads/pdn.html and the zip file should be served over HTTPS.

 

Inside the zip, the installer exe is signed by a "verified publisher", which is reassuring. But it's possible for an attacker to serve me a different zip file. Some users will run an exe that isn't signed by a verified publisher. Those users will get owned.

 

If we use https://letsencrypt.org/ then the only cost is developer time.

 

What does the dotpdn.com stack look like? I may be able to give configuration advice.

Link to comment
Share on other sites

12 minutes ago, NealEhardt said:

Those users will get owned.

Could get owned. Murphy's Law is not really a natural law.

 

20 minutes ago, NealEhardt said:

This is regarding dotpdn.com.

It's not just the dotpdn.com domain. When paint.net (the program) checks for updates, it's communicating with the getpaint.net domain. If there is an update, it will then download it from dotpdn.com.

 

 

At least for forum has encryption now (as of a few days ago).

 

Link to comment
Share on other sites

10 hours ago, dipstick said:

Ha,ha. ... Good luck owning me...............

 

It is not very wise to laugh about other people's safety concerns. It is also unwise to think about Linux as a secure operating system. This is not the case, as the developments of recent years have shown.
And finally, it is very unwise to hold a sandbox for a sufficient safety measure.
I think NealEhardt's proposal is absolutely reasonable.
Much smarter and more competent people than you have laughed too early.

Edited by IRON67
Link to comment
Share on other sites

I've been meaning to look into this, and I agree ...

 

... but, in the meantime, the EXE inside the ZIP is always digitally signed by "dotPDN LLC". So be sure to verify that.

 

 

signed.png

The Paint.NET Blog: https://blog.getpaint.net/

Donations are always appreciated! https://www.getpaint.net/donate.html

forumSig_bmwE60.jpg

Link to comment
Share on other sites

  • 3 months later...

yup :) Just got those all set up in the last week. Setting up SSL is not fun, but it had to be done!

 

All http:// requests should be auto-forwarding to https:// now. You may still see a grey "info" link (instead of green "secure") in the address bar for pages on the forum. I think it's because many images are served from http:// (oops, like my own signature image ... I should fix that Edit: fixed!)

  • Upvote 1

The Paint.NET Blog: https://blog.getpaint.net/

Donations are always appreciated! https://www.getpaint.net/donate.html

forumSig_bmwE60.jpg

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...