SCS Software

message board

All times are UTC + 1 hour [ DST ]




PostPosted: 21 Mar 2017 21:52 

Joined: 22 Oct 2013 09:55
Posts: 7219
Location: The Lost Coast
Moh1336 wrote:
PMs aren't that private anyone with server access or admin status has the capability of reading them if need be. :P

Or anyone who has the ability to hack into a MySQL database, which happens all the time...

_________________
You can call me Ax

 
PostPosted: 24 Mar 2017 19:24 

Joined: 24 Mar 2017 19:18
Posts: 3
Just like to also add, this site should be on an SSL server, it's not secure, and not everyone uses a different password for every website, tho I made one up just for this insecure forum...


 
PostPosted: 25 Mar 2017 15:18 

Joined: 09 Dec 2014 05:21
Posts: 1941
Hi mates,

Axel Slingerland wrote:
Or anyone who has the ability to hack into a MySQL database, which happens all the time...

I agree with you Ax, there are unpreventable cases, such as zero-day attacks. The problem is when unpreventable cases are used as a reason for not thinking about the preventable cases.
IMHO, unpreventable cases (zero-day attacks, super spy agencies, martian attacks!) would be 1% of the possible cases, or even less, while the other 99% would be regular people and network administrators that could capture network packets for whatever reasons.
We cannot prevent the unpreventable 1%, but we CAN prevent the preventable 99%.
I apologize for the mess with words. :D
What I still wonder is why some of you seem to prefer not to have your traffic more protected. :? :D

TrueDeviL wrote:
Just like to also add, this site should be on an SSL server, it's not secure, and not everyone uses a different password for every website, tho I made one up just for this insecure forum...

Completely agree with you about the possibility of people using the same passwords for different websites, it would not be the first time in the history of the Internet.

Kind regards.

EDIT: Replaced "I" by "it" in last sentence. I should deactivate automatic corrector! :)

_________________
My ETS2 album.
My ATS album.
My WOT page.


 
PostPosted: 25 Mar 2017 18:56 

Joined: 12 Jan 2014 05:08
Posts: 418
Quote golcan "What I still wonder is why some of you seem to prefer not to have your traffic more protected. :? :D"

Likes to live dangerously? :?: :( What about the young children that log into the site who don't have a clue or the "common sense" that Flemming V spoke of?

Is it beyond possibility they may be PMing others with their parents' credit card information or other sensitive personal information? Yes, us adults should know better but even several of them have suggested it's no big deal. :(

Considering how cheap an SSL certificate is I consider not providing one for your users' peace of mind irresponsible.
https://ssl.comodo.com/landing/ssl/index-new03.php?af=7697&key1sk1=sem&ap=CUCSEM2017&gclid=CObj4c6Y8tICFUlNfgodeKQGjg

 
PostPosted: 28 Mar 2017 21:04 

Joined: 06 Dec 2015 16:37
Posts: 237
The cost of a certificate is only the tip of the iceberg, and largely irrelevant to this.

Originally SSL was impossible to implement with multiple domain names on a single IP address (due to fundamental failings in the design for SSL). I.e. "name based virtual hosting" was completely incompatible with SSL, impossible to implement. Relatively recently, TLS has been enhanced to fix this defect. It is, however, complex and involved to reliably configure this, and it requires that you block old versions of the SSL protocol. Implementing it is far from just throwing a certificate at the server and flipping a switch, and there can be many complex factors involved in an existing infrastructure which make it non-trivial to implement.

On top of that, it increases the ongoing server costs, as it is much more computationally expensive than a non-SSL site. It also adds to the ongoing server administrative costs, as the certificates have to be actively managed.

Fundamentally, these forums do not need SSL protection, as there should never be any sensitive information which requires that level of protection. If anyone is stupid enough to disclose sensitive information on a web forum (regardless of SSL), or shares a password between this site and something which does need to be secure, they frankly deserve the consequences. I'm not actively opposed to SSL being implemented here, it's simply not important or necessary for these forums.

It is absurd to even suggest that SCS are being "irresponsible" in this regard. That assertion is pure nonsense.

One last thought: SSL has been globally compromised on a number of well documented occasions, due to untrustworthy certificate authorities improperly issuing root certificates. I.e. that shiny little padlock (or whatever) in your browser has not been trustworthy on a number of occasions due to the gatekeepers of the trust allowing unrelated third parties to impersonate any site they want to. There are also many documented cases of the certificate authorities issuing normal certificates to the wrong people (i.e. equivalent of giving a "google.com" certificate to anyone other than Google's security team), including giving those certificates to people unrelated to the company named on the certificate. These are not technical vulnerabilities or attacks on the technology, but the guardians of the trust failing to act responsibly and actively taking actions which compromise the trust.


 
PostPosted: 29 Mar 2017 00:05 

Joined: 15 Nov 2016 23:54
Posts: 58
Location: Netherlands
With all due respect, hacking usernames and passwords thru "unsecure" websites, non SSL websites, is really nonsense.
I have several websites which are all non SSL.

In the past I was a forum moderator / administrator. Also non SSL.

They never broke into the system thru an "unsecure connection".

What Axel wrote:
Quote:
Or anyone who has the ability to hack into a MySQL database, which happens all the time...

That is exactly what is happening all the time: breaking into the system thru database injection!
Not listening for username and password thru non SSL connections!

Those are the facts.

The only reason that internet browsers give warnings about non SSL websites, is the fact that governments can see what you are doing on the internet. Via an SSL connection they can't.


 
PostPosted: 29 Mar 2017 00:11 

Joined: 03 Sep 2014 19:07
Posts: 1138
Location: Cheltenham Spa, ENGLAND
Moh1336 wrote:
Firefox shows warnings because you look like you want to surf the web. :lol:

If it wasn't for all the customisation I put into FF, I would probably just switch browsers at this point. FF has gone downhill over the last couple of years IMO.


My recommendation, try Pale Moon, either 32 or 64 bit. It's a slimmed down "how fast FF used to be" version. I gave up on FF years ago as a browser as it got more bloated and slower, and slower, but I found this superior (to me) browser based on FF without the bloat. Though of late for my personal tastes it appears to be going downhill. But that's why I don't update it so much these days. And I'd say 99% of your customisations will still work. Mine do.

_________________
Nothing is foolproof to the talented fool.

I'm writing a book on plagiarism. It wasn't my idea.


ProModz & ProRus v2.00+ Satellite Maps
ETS2 v1.18.x Satellite Map Background
Road Atlas Map Backgrounds


 
PostPosted: 29 Mar 2017 04:20 

Joined: 22 Oct 2013 09:55
Posts: 7219
Location: The Lost Coast
marcel-dutch wrote:
The only reason that internet browsers give warnings about non SSL websites, is the fact that governments can see what you are doing on the internet. Via an SSL connection they can't.

Where did you hear that? I don't believe that for a second. Why? Because I remember what the Internet used to be before it was changed into what it is today, a US Military network. You were close about this though, except that it is not just "the fact that governments can see what you are doing on the internet", but that the US government can see what other governments around the world and you do on the Internet.

_________________
You can call me Ax

 
PostPosted: 29 Mar 2017 06:26 

Joined: 12 Jan 2014 05:08
Posts: 418
Murph wrote:

Fundamentally, these forums do not need SSL protection, as there should never be any sensitive information which requires that level of protection. If anyone is stupid enough to disclose sensitive information on a web forum (regardless of SSL), or shares a password between this site and something which does need to be secure, they frankly deserve the consequences. I'm not actively opposed to SSL being implemented here, it's simply not important or necessary for these forums.

It is absurd to even suggest that SCS are being "irresponsible" in this regard. That assertion is pure nonsense.


The people I referred to are children who although they frequently do "stupid" things neither they nor their parents "deserve what they get". Even ignorant adults who are unaware of the consequences of their actions should not be left open to negative results due to basic protection not being implemented. Not everyone is technically savvy. You have quite a mean spirited attitude IMO.

There are many reasons why most websites use SSL certificates, there will always be hackers who break in but leaving the door unlocked for them is irresponsible. People haven't stopped locking their doors because there are successful burglars.

Most security breaches go unnoticed, saying you have never been hacked doesn't mean it didn't happen. I worked with many security agencies in my time and when their sites got hacked they didn't say "well that didn't work so let's just get rid of it all and hope for the best.".

Some protection is better than none. Not providing any is the irresponsible bit even if it seems absurd and nonsensical to you.

 
PostPosted: 29 Mar 2017 07:38 

Joined: 12 Jan 2014 05:08
Posts: 418
Axel Slingerland wrote:
Where did you hear that? I don't believe that for a second. Why? Because I remember what the Internet used to be before it was changed into what it is today, a US Military network. You were close about this though, except that it is not just "the fact that governments can see what you are doing on the internet", but that the US government can see what other governments around the world and you do on the Internet.


Not much privacy anymore eh Axe?

Intercept Code names: SCS (funny), GARLICK, LADYLOVE, LEMONWOOD, MOONPENNY, TIMBERLINE, JACKKNIFE, CORALINE.

Programs: Boundless Informant, Dropmire, ECHELON, Fairview, Insider Threat Program, MUSCULAR, MYSTIC, PRISM, Real Time Regional Gateway, Stellar Wind, TRAILBLAZER, Turbulence, Upstream, XKeyscore.

Technology: ANT catalog, FROSTBURG, HARVEST, Secure Terminal Equipment (STE), STU-I, STU-II, STU-III, WARRIOR PRIDE.

The list goes on and on.

We are the borg lower your shields, resistance is futile, prepare to be assimilated. :ugeek: :twisted: :evil:

 