AnimeSuki Forums

Register Forum Rules FAQ Members List Social Groups Search Today's Posts Mark Forums Read

Go Back   AnimeSuki Forum > General > Forum & Site Feedback

Notices

Reply
 
Thread Tools
Old 2004-09-18, 16:45   Link #1
Tursiops_G
Technoid
 
 
Join Date: Feb 2004
Location: Connecticut, USA
Age: 56
PayPal trying to establish SSL Connection?



I've just installed FireFox 1.0PR, and had a rather unpleasant surprise when I tried to access AnimeSuki...

An ALERT dialog box popped up, and stated: "You cannot connect to www.paypal.com because SSL is disabled"

Why would just accessing AnimeSuki's main page cause PayPal to try and open a Secure Socket Layer connection to my browser?

Is there a Security Issue/breach here?

-Tursiops_G.
Tursiops_G is offline   Reply With Quote
Old 2004-09-18, 17:51   Link #2
JustAnotherFan
/(bb|[^b]{2})/
 
 
Join Date: Nov 2003
The PayPal donation button uses a secure connection to transfer the image. So all you need that SSL for in this case is to transfer that logo. Don't ask my why that image is so "at risk" that it needs to be protected :P but it's nothing to worry about.
__________________
#AnimeSuki IRC channel:
#AnimeSuki@irc.synirc.net
JustAnotherFan is offline   Reply With Quote
Old 2004-09-19, 01:30   Link #3
Roots
外人、漫画訳者
 
 
Join Date: Jul 2003
Location: Austin, TX
Age: 32
Quote:
Originally Posted by JustAnotherFan
The PayPal donation button uses a secure connection to transfer the image. So all you need that SSL for in this case is to transfer that logo. Don't ask my why that image is so "at risk" that it needs to be protected :P but it's nothing to worry about.
FYI: Within the past couple of days I've seen vulnerability reports released for JPEG decoding causing a buffer overflow. So it is possible for an image to be a backdoor into your system.
__________________

Hero of Allacrost, a free 2D RPG in development.
Roots is offline   Reply With Quote
Old 2004-09-19, 12:40   Link #4
boneyjellyfish
Evangelist of the Kazoo
 
 
Join Date: Apr 2003
Location: AnimeSuki Forums
Would it be against the terms and conditions of paypal to host the image elsewhere? Like... I dunno, this?

boneyjellyfish is offline   Reply With Quote
Old 2004-09-19, 13:25   Link #5
GHDpro
Administrator
*Administrator
 
 
Join Date: Jan 2001
Location: Netherlands
Age: 35
Er... if the PayPal image is the problem, wouldn't you also get this problem with THOUSANDS
of other sites having similar "Please Donate" buttons?
GHDpro is offline   Reply With Quote
Old 2004-09-19, 14:06   Link #6
Tursiops_G
Technoid
 
 
Join Date: Feb 2004
Location: Connecticut, USA
Age: 56
Lightbulb

Quote:
Originally Posted by GHDpro
Er... if the PayPal image is the problem, wouldn't you also get this problem with THOUSANDS
of other sites having similar "Please Donate" buttons?
Good question. Other sites (Baka-Updates, etc.) didn't cause that to happen... I looked at their page sources, and the PayPal donate button is located on-site.

I Viewed AnimeSuki's page source, and indeed, the PayPal donate button is linked from PayPal with HTTPS. (It's a GIF Image, so there's no chance of it being exploited, unlike a JPEG).

I checked further, and found that when I installed FF 1.0PR, it disabled SSL for some reason...

I've since re-enabled SSL 2.0 & 3.0 in FF, and all's good again...

Thanks.

-Tursiops_G.
Tursiops_G is offline   Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 11:58.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.
We use Silk.