privacyguides/privacytools.io
Archived
1
0
Fork 0
Code Issues 304 Pull Requests 47 Activity

Ghostbin #408

New Issue
Closed
opened 2018-03-16 13:06:02 +00:00 by huubert · 6 comments
huubert commented 2018-03-16 13:06:02 +00:00 (Migrated from github.com)
Copy Link

Ghostbin is not really secure, because after creating an encrypted paste, it's possible to access it with javascript disabled, which means the content is not decrypted in the user's browser. Also, it requires cookies to even work at all, which shouldn't be needed.

Ghostbin is not really secure, because after creating an encrypted paste, it's possible to access it with javascript disabled, which means the content is not decrypted in the user's browser. Also, it requires cookies to even work at all, which shouldn't be needed.
Hillside502 commented 2018-03-16 20:17:18 +00:00 (Migrated from github.com)
Copy Link

Open Source Ghostbin Alternatives - AlternativeTo.net
https://alternativeto.net/software/ghostbin/?license=opensource

Open Source Ghostbin Alternatives - AlternativeTo.net https://alternativeto.net/software/ghostbin/?license=opensource
ghost commented 2018-03-16 21:57:17 +00:00 (Migrated from github.com)
Copy Link

It can be self-hosted, though, if you're concerned about server-side security. But yeah, we're just recommending the main server.

It can be self-hosted, though, if you're concerned about server-side security. But yeah, we're just recommending the main server.
huubert commented 2018-03-17 16:27:12 +00:00 (Migrated from github.com)
Copy Link

I don't consider that secure, but maybe it's just me...
Regardless, Ghostbin should be the third option in the Paste Services section and not the first, and maybe it should be mentioned in the notes that encryption/decryption is not done in the browser.

I don't consider that secure, but maybe it's just me... Regardless, Ghostbin should be the third option in the Paste Services section and not the first, and maybe it should be mentioned in the notes that encryption/decryption is not done in the browser.
ghost commented 2018-05-10 08:58:34 +00:00 (Migrated from github.com)
Copy Link

Just FYI:
ghostbin.com runs outdated Apache 2.4.18 and outdated OpenSSH 7.2 P2. The security of the whole server setup isn't very exemplary. Furthermore, the TLS configuration supports insecure RC4 for encryption and weak cipher suites.

Just FYI: ghostbin.com runs outdated [Apache 2.4.18](https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-66/version_id-199589/Apache-Http-Server-2.4.18.html) and outdated [OpenSSH 7.2 P2](https://www.cvedetails.com/vulnerability-list/vendor_id-97/product_id-585/version_id-194112/Openbsd-Openssh-7.2.html). The security of the [whole server setup](https://www.htbridge.com/websec/?id=rYAkummU) isn't very exemplary. Furthermore, the TLS configuration [supports insecure RC4 for encryption and weak cipher suites](https://tls.imirhil.fr/https/ghostbin.com).
👍 3
ghost commented 2018-05-27 06:52:38 +00:00 (Migrated from github.com)
Copy Link

See also my comparison in #454

See also [my comparison](https://github.com/privacytoolsIO/privacytools.io/issues/454#issuecomment-385314214) in #454
👍 1
Vincevrp commented 2019-02-28 19:46:32 +00:00 (Migrated from github.com)
Copy Link

Discussion can continue in #454

Discussion can continue in #454
This repo is archived. You cannot comment on issues.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
🔍🤖 Search Engines
approved
approved, waiting for a PR
dependencies
Pull requests that update a dependency file
duplicate
feedback wanted
high priority
I2P
The Invisible Internet Project (I2P)
iOS
low priority
OS
Operating Systems
Self-contained networks
Social media
stale
A label for stalebot if it gets added
streaming
Anything related to media streaming.
todo
Tor
Anything covering the Tor network
WIP
active work in progress, do not merge or PR (yet)!
wontfix
Issues or bugs that will not be fixed and/or do not have significant impact on the project.
XMPP
Extensible Messaging and Presence Protocol
[m]
Matrix protocol
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
Browser Extension related issues
enhancement
software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
Correction of content on the website
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
Firefox & forks, about:config etc.
💻 hardware
🌐 hosting
🏠 housekeeping
Anything primarily related to site cleanup.
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
Virtual Private Network
🌐 website issue
*Technical* issues with the website.
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
Domain Name System
🗨️ instant messaging (im)
🇦🇶 translations
Anything covering a translated version of the site
No Label
Milestone
No items
No Milestone
Assignees
Clear assignees
jonah
No Assignees
1 Participants
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: privacyguides/privacytools.io#408
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?