Register Guidelines E-Books Search Today's Posts Mark Forums Read

Go Back   MobileRead Forums > E-Book Readers > Kobo Reader

Notices

Reply
 
Thread Tools Search this Thread
Old 04-10-2014, 04:08 AM   #1
Geco
Zealot
Geco is on a distinguished road
 
Posts: 102
Karma: 56
Join Date: Aug 2011
Device: Touch, Aura
Thumbs down Heartbleed and security issues

Hi all,
searching for information on Hearthbleed security issue on internet sites, I've found these.

https://www.ssllabs.com/ssltest/anal...e.kobobooks.it

https://www.ssllabs.com/ssltest/anal...s=23.52.43.249

Not very nice news! Is someone at Kobo going to update _our_ security for _our_ data?


Thank you all,

Marco
Geco is offline   Reply With Quote
Old 04-10-2014, 09:10 AM   #2
murg
No Comment
murg ought to be getting tired of karma fortunes by now.murg ought to be getting tired of karma fortunes by now.murg ought to be getting tired of karma fortunes by now.murg ought to be getting tired of karma fortunes by now.murg ought to be getting tired of karma fortunes by now.murg ought to be getting tired of karma fortunes by now.murg ought to be getting tired of karma fortunes by now.murg ought to be getting tired of karma fortunes by now.murg ought to be getting tired of karma fortunes by now.murg ought to be getting tired of karma fortunes by now.murg ought to be getting tired of karma fortunes by now.
 
Posts: 1,056
Karma: 1143978
Join Date: Jan 2012
Location: Australia
Device: Kobo: Not just an eReader, it's an adventure!
Both links show that the Kobo.com and Kobobooks.it sites are not vulnerable to the Heartbleed issues.
murg is offline   Reply With Quote
Old 04-11-2014, 09:53 AM   #3
Geco
Zealot
Geco is on a distinguished road
 
Posts: 102
Karma: 56
Join Date: Aug 2011
Device: Touch, Aura
You're right murg, but they also show a low level of security, regardless the Heartbleed itself.
Compare it with, say, https://rubygems.org that is anyway a 'free' site, we have a class 'F' security of Kobo against a class 'C' security of rubygems.
Geco is offline   Reply With Quote
Old 04-11-2014, 02:25 PM   #4
DNSB
Bibliophagist
DNSB ought to be getting tired of karma fortunes by now.DNSB ought to be getting tired of karma fortunes by now.DNSB ought to be getting tired of karma fortunes by now.DNSB ought to be getting tired of karma fortunes by now.DNSB ought to be getting tired of karma fortunes by now.DNSB ought to be getting tired of karma fortunes by now.DNSB ought to be getting tired of karma fortunes by now.DNSB ought to be getting tired of karma fortunes by now.DNSB ought to be getting tired of karma fortunes by now.DNSB ought to be getting tired of karma fortunes by now.DNSB ought to be getting tired of karma fortunes by now.
 
DNSB's Avatar
 
Posts: 1,684
Karma: 5073018
Join Date: Jul 2010
Location: Vancouver
Device: Kobo Aura HD, Glo, Nexus 7, iPad 3
Quote:
Originally Posted by Geco View Post
You're right murg, but they also show a low level of security, regardless the Heartbleed itself.
Compare it with, say, https://rubygems.org that is anyway a 'free' site, we have a class 'F' security of Kobo against a class 'C' security of rubygems.
The major reason for the markdown seems to be due to allowing the use of insecure renegotiation opening the way for man in the middle attacks. Another reason for avoiding public networks for secure transactions. It would be better for Kobo to configure their servers in strict mode but there is a good chance of having issues with some systems.

I did find your worrying about Heartbleed on the Kobo site as a bit odd in light of the final portion of the report -- as far as I know, no version of Microsoft's IIS uses the OpenSSL code and so would not be vulnerable to the Heartbleed bug.

Regards,
David
DNSB is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Heartbleed bug speakingtohe News 41 04-17-2014 12:20 AM
Android Android security issues sarah11918 enTourage eDGe 7 07-21-2011 01:16 AM
Charging Issues and Screen Issues srj321 Sony Reader 2 07-11-2010 11:52 PM


All times are GMT -4. The time now is 03:53 PM.


MobileRead.com is a privately owned, operated and funded community.