SCS Insecure website.

The forum dedicated to site issues, problems and wishes.
metpei
Posts: 185
Joined: 08 Dec 2016 12:24

Re: SCS Insecure website.

#51 Post by metpei » 12 Apr 2017 18:05

Hi, just saying that even login this forum isn't safe, you send your password totally unsafely! That should be warned in registration page that people (not me) some uses same password in many places wouldn't do that.

And faq have wrong information: faq.php#f0r4

User avatar
Axel Slingerland
Global moderator
Posts: 8078
Joined: 22 Oct 2013 07:55
Location: The Lost Coast

Re: SCS Insecure website.

#52 Post by Axel Slingerland » 12 Apr 2017 19:01

It all falls under "There's no such thing as a 100% secure website." There just isn't. And the sooner people start thinking that way, the better off they will be. As the old saying goes, "As soon as you think you made something fool proof, along comes a better fool."
You can call me Ax

Image

User avatar
marcel-dutch
Posts: 235
Joined: 15 Nov 2016 21:54
Location: Netherlands
Contact:

Re: SCS Insecure website.

#53 Post by marcel-dutch » 12 Apr 2017 19:20

metpei wrote:Hi, just saying that even login this forum isn't safe, you send your password totally unsafely!
Due to all respect, but hacking via 'unsafe connection' is not wat it is happening.
All the websites and forums I manage, runs on HTTP connections, not on HTTPS. None were hacking via 'unsafe connection', but via database injection.

The most common methode to hack an account is not via http/https but via database injection, or via a keylogger on the computer of the victim.

I know exactly why they prefer SSL connections, but I am sceptic. I am afraid that SSL connections give us false safety.
For example: The CIA had hacked the switches and routers of the TOR network. And TOR was a real SSL network. Now they can monitor the connection and locate the sender. So anonymous surfing on the internet is a real fairytale.
I am afraid that it the reality for the SSL (https) connections.

I do not believe that this forum is in danger and that logging in via a non SSL connection the user is in danger.
That is the reality.

User avatar
marcel-dutch
Posts: 235
Joined: 15 Nov 2016 21:54
Location: Netherlands
Contact:

Re: SCS Insecure website.

#54 Post by marcel-dutch » 12 Apr 2017 19:23

Axel Slingerland wrote:It all falls under "There's no such thing as a 100% secure website."
I am afraid you're not right. ;)
I can run a perfectly safe website.
But only on a server which is not connected to the internet. :lol:

Sorry, that was an open door. :mrgreen:

User avatar
Timmy
Duck thief
Posts: 123
Joined: 11 Apr 2013 11:57
Location: Prague, Czech Republic
Contact:

Re: SCS Insecure website.

#55 Post by Timmy » 13 Apr 2017 15:21

There are more advantages to TLS than just security - for example, no one likes content injected by ISP. Hey, even CloudFlare has this problem.

Secure web is the right way to go.

Also, it isn't SSL - that's deprecated but everyone is still using this term instead of TLS ;)

User avatar
SiSL
Beta tester
Posts: 7080
Joined: 27 Oct 2013 06:23

Re: SCS Insecure website.

#56 Post by SiSL » 13 Apr 2017 15:26

Yeah, SSL is depreceted, all way for TLS now.

User avatar
JediCowboy
Posts: 138
Joined: 11 Nov 2016 19:19
Location: North Carolina, United States
Contact:

Re: SCS Insecure website.

#57 Post by JediCowboy » 24 Apr 2017 10:01

I did notice that the blog and ATS website is also insecure too.
So is their a possibility they become a secure website since the forum is getting it too.
Desktop: DELL Desktop Computer Inspiron 3656|Windows 10 Home 64-Bit|A10-Series APU A10-8700P CPU @1.80 GHz|AMD Radeon R9 360 2 GB|8 GB DDR3L|2 TB HDD
Laptop: HP15|OS:Windows 10 Home 64-Bit|AMD A8-6410 APU CPU @2.00 GHz|AMD Radeon R5 4GB|DDR3 512MB

Image

User avatar
Timmy
Duck thief
Posts: 123
Joined: 11 Apr 2013 11:57
Location: Prague, Czech Republic
Contact:

Re: SCS Insecure website.

#58 Post by Timmy » 11 Aug 2017 15:11

Almost all of our websites now redirect to HTTPS.

For the curious: Download servers have 1 crappy vCore CPU so I'm afraid it won't handle it well (it doesn't even have AES-NI extension).

User avatar
Timmy
Duck thief
Posts: 123
Joined: 11 Apr 2013 11:57
Location: Prague, Czech Republic
Contact:

Re: SCS Insecure website.

#59 Post by Timmy » 15 Aug 2017 12:32

Oh, also, we're now using full HTTP2, so for example forum loads 200 ms faster than before.

User avatar
Bandit & The Snowman
Posts: 947
Joined: 23 Oct 2014 15:55
Location: East Bound and Down
Contact:

Re: SCS Insecure website.

#60 Post by Bandit & The Snowman » 15 Aug 2017 15:58

Maybe the thread should be renamed into Secure website now? ;)

Post Reply

Return to “SCS Site”

Who is online

Users browsing this forum: PetrolejCZ and 6 guests