Forum open to new posts. Comments on recent security issue.
"We go again", Steven Gerrard, Liverpool F.C.
The forum is now open to new posts. However, please use some common sense. I will not tolerate personal attacks or continued abusive commentary on the recent security issue. You will be permanently banned as a result. Continuing the madness of the past 30 days serves no purpose.
I'd like to thank Martin, Linkfanel, Stu and others for their supportive comments on the various websites. Their ideas were more eloquently stated than I could have done.
I kept reading all those comments hoping to find some useful bits of technical information that would assist me in improving the security aspects of the Kiwi code. I found NONE. ZERO. There was nothing described I didn't already know. I didn't disagree with most of those comments. They were just not useful.
Make no mistake, the "backdoor" will return. It is the only way I can efficiently provide technical support. Yes, it will be opt-in, time limited and probably ssh tunneled. Amusingly, I have used the backdoor a number of times, with the explicit permission of the Kiwi owner/admin, to diagnose and fix those Kiwis failing to automatically update to version v1.461. You know, the version that removes the backdoor. Somewhere, somehow, I'd like to think Joseph Heller is having a slight chuckle at that.
I am working on implementing items from the existing long list of security issues. It will take some time unfortunately. Already storage of encrypted user/admin passwords is starting to work. But it is not so simple. All the possibilities must be handled and all the corner cases tested. And it has to be done in a way that doesn't substantially increase my support burden.