SCS Insecure website.

The forum dedicated to site issues, problems and wishes.
Axel Slingerland
Global moderator
Posts: 8078
Joined: 22 Oct 2013 07:55
Location: The Lost Coast

Re: SCS Insecure website.

#31 Post by Axel Slingerland » 21 Mar 2017 19:52

Moh1336 wrote: PMs aren't that private, anyone with server access or admin status has the capability of reading them if need be. :P
Or anyone who has the ability to hack into a MySQL database, which happens all the time...
You can call me Ax


TrueDeviL
Posts: 4
Joined: 24 Mar 2017 17:18

Re: SCS Insecure website.

#32 Post by TrueDeviL » 24 Mar 2017 17:24

Just like to also add, this site should be on an SSL server, it's not secure, and not everyone uses a different password for every website, tho I made one up just for this insecure forum...

golcan
Posts: 1942
Joined: 09 Dec 2014 03:21

Re: SCS Insecure website.

#33 Post by golcan » 25 Mar 2017 13:18

Hi mates,
Axel Slingerland wrote: Or anyone who has the ability to hack into a MySQL database, which happens all the time...
I agree with you Ax, there are unpreventable cases, such as zero-day attacks. The problem is when unpreventable cases are used as a reason for not thinking about the preventable cases.
IMHO, unpreventable cases (zero-day attacks, super spy agencies, martian attacks!) would be 1% of the possible cases, or even less, while the other 99% would be regular people and network administrators that could capture network packets for whatever reasons.
We cannot prevent the unpreventable 1%, but we CAN prevent the preventable 99%.
I apologize for the mess with words. :D
What I still wonder is why some of you seem to prefer not to have your traffic more protected. :? :D
TrueDeviL wrote: Just like to also add, this site should be on an SSL server, it's not secure, and not everyone uses a different password for every website, tho I made one up just for this insecure forum...
Completely agree with you about the possibility of people using the same passwords for different websites, it would not be the first time in the history of the Internet.

Kind regards.

EDIT: Replaces "I" by "it" in last sentence. I should deactivate automatic corrector! :)

tbar
Posts: 450
Joined: 12 Jan 2014 03:08

Re: SCS Insecure website.

#34 Post by tbar » 25 Mar 2017 16:56

Quote golcan "What I still wonder is why some of you seem to prefer not to have your traffic more protected. :? :D"

Likes to live dangerously? :?: :( What about the young children that log into the site who don't have a clue or the "common sense" that Flemming V spoke of.

Is it beyond possibility they may be PMing others with their parents' credit card information or other sensitive personal information? Yes, us adults should know better but even several of them have suggested it's no big deal. :(

Considering how cheap an SSL certificate is, I consider not providing one for your users' peace of mind irresponsible.
https://ssl.comodo.com/landing/ssl/inde ... fgodeKQGjg

Murph
Posts: 237
Joined: 06 Dec 2015 14:37

Re: SCS Insecure website.

#35 Post by Murph » 28 Mar 2017 19:04

The cost of a certificate is only the tip of the iceberg, and largely irrelevant to this.

Originally SSL was impossible to implement with multiple domain names on a single IP address (due to fundamental failings in the design for SSL). I.e. "name based virtual hosting" was completely incompatible with SSL, impossible to implement. Relatively recently, TLS has been enhanced to fix this defect. It is, however, complex and involved to reliably configure this, and it requires that you block old versions of the SSL protocol. Implementing it is far from just throwing a certificate at the server and flipping a switch, and there can be many complex factors involved in an existing infrastructure which make it non-trivial to implement.

On top of that, it increases the ongoing server costs, as it is much more computationally expensive than a non-SSL site. It also adds to the ongoing server administrative costs, as the certificates have to be actively managed.

Fundamentally, these forums do not need SSL protection, as there should never be any sensitive information which requires that level of protection. If anyone is stupid enough to disclose sensitive information on a web forum (regardless of SSL), or shares a password between this site and something which does need to be secure, they frankly deserve the consequences. I'm not actively opposed to SSL being implemented here, it's simply not important or necessary for these forums.

It is absurd to even suggest that SCS are being "irresponsible" in this regard. That assertion is pure nonsense.

One last thought: SSL has been globally compromised on a number of well documented occasions, due to untrustworthy certificate authorities improperly issuing root certificates. I.e. that shiny little padlock (or whatever) in your browser has not been trustworthy on a number of occasions due to the gatekeepers of the trust allowing unrelated third parties to impersonate any site they want to. There are also many documented cases of the certificate authorities issuing normal certificates to the wrong people (i.e. equivalent of giving a "google.com" certificate to anyone other than Google's security team), including giving those certificates to people unrelated to the company named on the certificate. These are not technical vulnerabilities or attacks on the technology, but the guardians of the trust failing to act responsibly and actively taking actions which compromise the trust.

marcel-dutch
Posts: 235
Joined: 15 Nov 2016 21:54
Location: Netherlands
Contact:

Re: SCS Insecure website.

#36 Post by marcel-dutch » 28 Mar 2017 22:05

With all due respect, hacking usernames and passwords thru "unsecure" websites, non SSL websites, is really nonsense.
I have several websites which are all non SSL.

In the past I was a forum moderator / administrator. Also non SSL.

They never broke into the system thru an "unsecure connection".

What Axel wrote:
Or anyone who has the ability to hack into a MySQL database, which happens all the time...
That is exactly what is happening all the time: breaking into the system thru database injection!
Not listening for username and password thru non SSL connections!

Those are the facts.

The only reason that internet browsers give warnings about non SSL websites, is the fact that governments can see what you are doing on the internet. Via an SSL connection they can't.

Elmer BeFuddled
Posts: 1266
Joined: 03 Sep 2014 17:07
Location: Royston Vasey, ENGLAND

Re: SCS Insecure website.

#37 Post by Elmer BeFuddled » 28 Mar 2017 22:11

Moh1336 wrote: Firefox shows warnings because you look like you want to surf the web. :lol:

If it wasn't for all the customisation I put into FF, I would probably just switch browsers at this point. FF has gone downhill over the last couple of years IMO.
My recommendation, try Pale Moon, either 32 or 64 bit. It's a slimmed down "how fast FF used to be" version. I gave up on FF years ago as a browser as it got more bloated and slower, and slower, but I found this superior (to me) browser based on FF without the bloat. Though of late for my personal tastes it appears to be going downhill. But that's why I don't update it so much these days. And I'd say 99% of your customisations will still work. Mine do.
I'm writing a book on plagiarism. It wasn't my idea.
Nothing is foolproof to the talented fool.

Axel Slingerland
Global moderator
Posts: 8078
Joined: 22 Oct 2013 07:55
Location: The Lost Coast

Re: SCS Insecure website.

#38 Post by Axel Slingerland » 29 Mar 2017 02:20

marcel-dutch wrote: The only reason that internet browsers give warnings about non SSL websites, is the fact that governments can see what you are doing on the internet. Via an SSL connection they can't.
Where did you hear that? I don't believe that for a second. Why? Because I remember what the Internet used to be before it was changed into what it is today, a US Military network. You were close about this though, except that it is not just "the fact that governments can see what you are doing on the internet", but that the US government can see what other governments around the world and you do on the Internet.
You can call me Ax

tbar
Posts: 450
Joined: 12 Jan 2014 03:08

Re: SCS Insecure website.

#39 Post by tbar » 29 Mar 2017 04:26

Murph wrote:
Fundamentally, these forums do not need SSL protection, as there should never be any sensitive information which requires that level of protection. If anyone is stupid enough to disclose sensitive information on a web forum (regardless of SSL), or shares a password between this site and something which does need to be secure, they frankly deserve the consequences. I'm not actively opposed to SSL being implemented here, it's simply not important or necessary for these forums.

It is absurd to even suggest that SCS are being "irresponsible" in this regard. That assertion is pure nonsense.
The people I referred to are children who, although they frequently do "stupid" things, neither they nor their parents "deserve what they get". Even ignorant adults who are unaware of the consequences of their actions should not be left open to negative results due to basic protection not being implemented. Not everyone is technically savvy. You have quite a mean-spirited attitude IMO.

There are many reasons why most websites use SSL certificates, there will always be hackers who break in but leaving the door unlocked for them is irresponsible. People haven't stopped locking their doors because there are successful burglars.

Most security breaches go unnoticed, saying you have never been hacked doesn't mean it didn't happen. I worked with many security agencies in my time and when their sites got hacked they didn't say "well that didn't work so let's just get rid of it all and hope for the best.".

Some protection is better than none. Not providing any is the irresponsible bit even if it seems absurd and nonsensical to you.
tbar
Posts: 450
Joined: 12 Jan 2014 03:08

Re: SCS Insecure website.

#40 Post by tbar » 29 Mar 2017 05:38

Axel Slingerland wrote: Where did you hear that? I don't believe that for a second. Why? Because I remember what the Internet used to be before it was changed into what it is today, a US Military network. You were close about this though, except that it is not just "the fact that governments can see what you are doing on the internet", but that the US government can see what other governments around the world and you do on the Internet.
Not much privacy anymore eh Axe?

Intercept Code names: SCS (funny), GARLICK, LADYLOVE, LEMONWOOD, MOONPENNY, TIMBERLINE, JACKKNIFE, CORALINE.

Programs: Boundless Informant, Dropmire, ECHELON, Fairview, Insider Threat Program, MUSCULAR, MYSTIC, PRISM, Real Time Regional Gateway, Stellar Wind, TRAILBLAZER, Turbulence, Upstream, XKeyscore.

Technology: ANT catalog, FROSTBURG, HARVEST, Secure Terminal Equipment (STE), STU-I, STU-II, STU-III, WARRIOR PRIDE.

The list goes on and on.

We are the borg lower your shields, resistance is futile, prepare to be assimilated. :ugeek: :twisted: :evil: