[emacs-berlin] Your text editor is malware
Tilmann Singer
tils at tils.net
Wed Nov 25 22:15:21 UTC 2015
As a short followup to todays meeting, and a reminder, because I think
it is an important topic, here is the blog post I was referring to:
https://glyph.twistedmatrix.com/2015/11/editor-malware.html
I finally got it configured again successfully. I had it working in
emacs 24, but for an unknown reason it stopped working. After upgrading
to emacs25-git (probably a good idea anyway), it works again.
Unfortunately I don't have more insight into why it failed.
The litmus test is to eval this code:
(let ((bad-hosts
(loop for bad
in `("https://wrong.host.badssl.com/"
"https://self-signed.badssl.com/")
if (condition-case e
(url-retrieve
bad (lambda (retrieved) t))
(error nil))
collect bad)))
(if bad-hosts
(error (format "tls misconfigured; retrieved %s ok"
bad-hosts))
(url-retrieve "https://badssl.com"
(lambda (retrieved) t))))
the output should look like this:
#<buffer *http badssl.com:443*-492452>
If you see an error instead, then your emacs ssl setup is unsafe.
Til
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 472 bytes
Desc: not available
URL: <http://mailb.org/pipermail/emacs-berlin/attachments/20151125/6e65e234/attachment.sig>
More information about the emacs-berlin
mailing list