Ken

How about the ability to create email templates and use them in custom client emails instead? Rather than using WHMCS' hand holding bloated methods.

Open Web Proxies yes but private businesses that use filtering for internal policies not just limited to security. Of course those companies can add their certificates to the proxy and configure a MITM in order to do their filtering but I'd imagine in some cases this isn't applicable. So I'm not sure I'd rule it out.

Forget speed I was only referring to as it stands today. You may have encrypted your site and did not notice a difference but if you're talking about encrypting every entity out on the internet that's another thing. Will it fix MITM? I say no for the fact that it's a 'trust'. You are trusting the certificate on the other end because the root server says it's legit. This is fine for local traffic when you're on WiFi networks but when you're talking about backbone traffic being rerouted how are you going to trust your trusted authority? Let's not forget that encrypted traffic also allows hackers to hide in some situations.

Google is a login portal since even their search page will recognize a logged in user. That's fair in regards to speed and consumption but what about proxy servers won't be able to filter traffic properly? That and HTTPS doesn't make you immune to MITM since SSL connectivity is based on 'trust'.

Which websites force SSL traffic short of area of sensitivity like login access? Requiring SSL on everything would make things incredibly slow, especially for mobile users.

To encrypt all internet traffic would require devastating amounts of CPU, electricity and bandwidth because of it's footprint. I don't feel like there's a need to encrypt all traffic except for of course private or secret information and exploitable files. When sends someone a file it can be intercepted and tampered with. I think you'd sooner see some method to fragment or distribute traffic in order to prevent MITM where it is single point in nature.

Thanks to encryption and trusted certificates you can sleep at night. Edit: With one eye open.

Wow didn't mean to triple reply. Mobile theme kept locking up on post.

That's why developers usually require half up front to keep them invested in the project.

That's why developers usually require half up front to keep them invested in the project.

That's why developers usually require half up front to keep them invested in the project.

Welcome Steve and point taken. My apologies for suggesting that you were attempting a publicity stunt... I more or less meant it looks like 'it could be taken' as one. I took it out of context for what was intended for the disclosure.

For one-off fix of this problem though since he said it was in WHMCS and didn't get transferred can't he just copy it over to Blesta and create a new email from the client screen?

Not arguing putting the word out. I am saying I feel it's already out. I understand that after research Rack911 does a lot of work for members of that community. My point still stands though.

Going to have to agree here, Mike. It's just business. We know you hate PayPal.

Why are emails not showing up in the logs? I'm not using this module to check. Mike do yours not show up in the mail log? Shouldn't all emails go there regardless of the module? WHMCS is a nightmare. You sure that's necessary? Not sure if you saw some of the other threads but the devs have acknowledged this and plan to improve this.

You act as if they don't already know and trying to save people that don't necessarily want to be saved. The bugs were reported and we're talking about it in the open. They made national headlines. What more do you want? There seems to be a lot of emphasis around this Rack911 business and looking more like a publicity stunt.

Isn't that kind of beating a dead horse? With everything that has happened with them and continuing to happen... I'm not sure what more needs to be said. It's great for our devs to underline security when it comes to Blesta for those who care about it, which should be everyone, but anything beyond that would just start to look a little foolish. As Cody mentioned he reported the exploits as well as others obviously since they are issuing security updates to the point that it's driving people nuts apparently. Either people get the picture and move on or they tighten up over time whether they're reporting back to people's submissions or not. It wouldn't take very much research at all to get a feel for how secure their software is or isn't. If people won't take basic consideration for their own business then there's no real point in going on a crusade to inform them. Until then grab some popcorn and let's see what happens.

Not too long ago they sent out an email talking about all of the exploits they have been fixing and apologized for all of the security updates that have been annoying people. Counting on a version without exploits is like counting on world peace at the moment.

It's at the bottom of the first post on this thread.

I think everyone acknowledges their mistake in participating in this thread. Alex don't take things to heart. It's going to get much worse in this industry. We've all been grilled when making assumptions... if we didn't we'd still be making them. No one is attacking you personally they're just reacting to the rhetoric. Make friends not enemies.

agreed

If you're going to use Ubuntu you should use the LTS (Long-Term Support) versions. Which is every other x.04 release such as 10.04, 12.04, 14.04 etc. https://wiki.ubuntu.com/LTS

Nothing is more harsh than someone irresponsibly mishandling data. Get a cert or shut it down.

Well... we are in California after all.