Forum "not secure"?

canislatrans54

New member
Possibly someone else, (at some point), has posed this same question. I don't know.

And, I readily admit that I am super stupid about computer stuff.


However, here's my question:

I have never paid attention before, during the "log in" page.
But today, when I was logging in, I happened to notice that it said that the forum page isn't "secure".
After logging in, I do now see that there's no "https:" in front of the website address.

Just curious why the forum isn't a secure website?
 
I think your question is why would it need to be/should it be? Other than the pages where you are entering purchasing information it isn't needed, or for the back end pages that site administrators control (like the users listing that has their information and passwords).

The S in its simplest form is just a signal that you are dealing directly, and with an assumption of privacy when you are entering private information, that traffic between your computer and the site is encrypted between the two so that if someone was monitoring it would be seen as gibberish.
http://www.itproportal.com/2008/09/09/online-security-what-does-https-actually-mean/

Typically you see a warning when the certificate expires and then it's just a matter of renewing it. You have noticed there are some subtle changes being made. I have also noticed them, but that is just part of keeping up the site and making upgrades.
 
I think it's just good practice to make all websites/pages use SSL. I wouldn't dream of running a site like this without it, personally. It's just cheap insurance against low grade threats or mischief. Gawd knows what kind of vulnerabilities exist in this old software for anyone that actually wanted to mess with it. I bet if anyone really wanted to, they could take this site down and harvest every password etc. pretty darn easy.

- DAA
 
I was simply curious.
I know that some people, in private messages, might be giving their personal phone numbers and such to other members.
And, since I have seen (a few times) where scammers might have gotten on the forum...info such as that might get into unwanted hands.
 
this is old software & it's been orphaned. we've tried to move off it to something newer & didn't get it working right. problem is we have about 18 or so years of history with > 3 million posts.

migrating without losing that has proved to be a problem. we could start over with new software, make everyone register again & start from scratch. I don't think anyone would be very happy with that & it's not what we want to do.

the problem could be solved by throwing enough money at it, so maybe one day we'll be able to. for the time being we're stuck with the results of a decision made almost 20 years ago though.
 
Aww.. the challenges of running software with the tech side of things in mind vs. the business operations side of things in mind. I will say though that given what it is, it is well managed and has great availability.

I am sure that it's completely due to Stu and team, and no small amount of Aspirin and drinks.

Some place different values on historical data and past membership counts, for different reasons.
Personally for me, I would dump out most of the threads here, the reloading and predator hunting threads have value, but the Church def. doesn't. IMO.

As to the security, the HTTPS doesn't protect the information housed in the site. This software is good for what it is, but not the most secure. Think of the S as the prevention of someone reading a letter going from your house to another. It's scrambled between the two places, not stored on the site encrypted and I would be very surprised if the site data at rest was encrypted. Why bother? It's not secret data here. Anyone can create an account and log in and read it.

As with any site, Google lists out the ways one could take the "secure information" here like anywhere, or ways to prevent it from working. But, again why bother, it's a bunch of guys talking about hunting and stuff. Not exactly headline media stuff. Important to us, but not really to anyone else. IMO




 
the warning is really about your login. always a good idea to use unique passwords but in particular you shouldn't use the same one for web sites like this that you do for anything serious like a bank or credit union.
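
An added example, not part of the original thread: a small check for the condition behind the "not secure" label on a login page, namely a password field on a page served over plain HTTP or a form that submits to an HTTP address. The host `forum.example`, the sample HTML and the function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _LoginFormFinder(HTMLParser):
    """Collects the action of every <form> that contains a password input."""

    def __init__(self):
        super().__init__()
        self._in_form = False
        self._action = ""          # action of the form currently open
        self.password_form_actions = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._in_form = True
            self._action = attrs.get("action") or ""
        elif tag == "input" and (attrs.get("type") or "").lower() == "password":
            # A password field outside any form still belongs to this page.
            self.password_form_actions.append(self._action if self._in_form else "")

    def handle_endtag(self, tag):
        if tag == "form":
            self._in_form = False
            self._action = ""


def cleartext_login_targets(page_url, html):
    """Return the URLs to which this page would send a password without TLS."""
    finder = _LoginFormFinder()
    finder.feed(html)
    page_is_https = urlsplit(page_url).scheme == "https"
    exposed = []
    for action in finder.password_form_actions:
        target = urljoin(page_url, action)   # empty action means the page itself
        target_is_https = urlsplit(target).scheme == "https"
        # Exposed if the form arrives over HTTP (it can be altered in transit)
        # or if it submits to an HTTP URL (the password travels unencrypted).
        if not (page_is_https and target_is_https):
            exposed.append(target)
    return exposed


# Constructed sample: a login form like the one discussed in this thread.
SAMPLE = ('<form action="/login.php" method="post">'
          '<input name="user"><input type="password" name="pw"></form>')
```
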
 
Stu, I see that kind of thing all the time.

I was just running a rainbow table check last week against client passwords. I had to order the notification of thousands of clients that they have to change their passwords.


The common things that I hear with this is that "I have to remember too many passwords" so they either use the same one over and over, or they copy it to an unsecure note in their phone, but then leave their wifi and Bluetooth services turned on. (which is worse is a coin toss)

For those that are not real tech focused.

I would strongly suggest that you think up 3 passwords. It should have a special character like # or &, a capitalized letter, and a number or two minimum. It should be a total of 8 long minimum. I also recommend a phrase or saying you like.

example:
JoinPred@torM22sters

I suggest that you create 3 of these. One for the internet sites you don't really care about. Then one for all things private. Email is an example of this.
Then I would make one for Financial sites. Bank, Credit cards, and those kinds of things.

Clear your cookies, clear your history, and if you are not on the computer shut it off. It can't be hacked or corrupted if it's not on.
 
Everyplace thinks I can stuff another card in my wallet, doctor, pharmacy, grocery, gas, bank, movie, SSec, Drivers license, insurance, hospital, club memberships, and so on.
I can't sit on my wallet, so cargo clothes.
Over the last few years nearly everywhere I go is a password. Now they are technical passwords with multiple requirements and more characters.
Then they get hacked and require me to change again. Some have required stringent changes 4 times now.
They don't mention how much info is being sold. Recently dropped out of a patient Portal after reading the fine print spelling out info sale guidelines that included checking my home computer for previous info.
My password tablet is frazzled.
Two of my doctors now have a password Rolodex at home. I may try this cause who's going to steal a Rolodex nowadays.
I can remember phone numbers since being a kid. Passwords are quickly evaporating. It's like I need to erase a brain cell before imprinting a new password.
The fingerprint or eyeball scan is sounding pretty good sober.
 
The password that I use, to log in here, I only use here & on another hunting forum.
I have used it so long, there's no way I will forget it.

The other places that I have to use a password...email account; Facebook; my youtube; photobucket; bank; doctor's portal thingies...I use a specific & different password for each account.

Because of that, I have to have them written down in the pocket notebook, that I carry in one of the chest pockets of my overalls. Hahaha
Otherwise, I wouldn't remember any of them.

After having both my email account, and my Facebook hacked during this past year, I have done my best to create longer, and more difficult passwords (except for PM & the other forum).
 
My work requires my password to be exactly 8 long, and has to be changed once every 30 days and they save the last 20, and to top it off they check it against common passwords too.

Let's just say that it's become a game of trying to come up with foul language phrases that fit this mold each month.
 
Originally Posted By: Tbone-AZ
My work requires my password to be exactly 8 long, and has to be changed once every 30 days and they save the last 20, and to top it off they check it against common passwords too.

Let's just say that it's become a game of trying to come up with foul language phrases that fit this mold each month.



 
I'd be more than happy to invest some time into finding a solution and migration path. I was contacted about doing just that well over a year ago with no follow-up. Let me know if I can be of assistance; it's what I do for a living and I'm currently unemployed so my time and expertise is as cheap as a house payment or two to get things moving in a positive direction.
 
Originally Posted By: Tbone-AZ
Stu, I see that kind of thing all the time.

I was just running a rainbow table check last week against client passwords. I had to order the notification of thousands of clients that they have to change their passwords.


The common things that I hear with this is that "I have to remember too many passwords" so they either use the same one over and over, or they copy it to an unsecure note in their phone, but then leave their wifi and Bluetooth services turned on. (which is worse is a coin toss)

For those that are not real tech focused.

I would strongly suggest that you think up 3 passwords. It should have a special character like # or &, a capitalized letter, and a number or two minimum. It should be a total of 8 long minimum. I also recommend a phrase or saying you like.

example:
JoinPred@torM22sters

I suggest that you create 3 of these. One for the internet sites you don't really care about. Then one for all things private. Email is an example of this.
Then I would make one for Financial sites. Bank, Credit cards, and those kinds of things.

Clear your cookies, clear your history, and if you are not on the computer shut it off. It can't be hacked or corrupted if it's not on.

I hate passwords anymore. Back in the day, and I know I'm dating myself (my wife won't let anyone else date me), when we had BBS you had to dial in and if 5 other people beat you to it you got a busy signal. And it took forever to download 1 low resolution picture of a naked lady. Anyway.

Then the passwords came. No real issue. Then you would need the passwords with a number. No biggie. Then you need a number and 1 special character no biggie. Then 1 number, 1 capital, and 1 special. No biggie.

I have a set # of passwords I can remember that follow the general requirements.

Now I have some sites, you need all of the above EXCEPT a special. Or all of the above EXCEPT a number. And now you need to do a new one every x days, and it can't be any of the last 100 you used here.

Now you're just [beeep] with me. To do things 'right' I need 50 entirely unique passwords made of random combinations of letters, numbers, special characters, some with spaces and some without, some of which don't even follow the standards of all the others. I need to change them religiously, remember them all, and at no time can I write them down.

I'm a smart guy. I tested into Mensa in the 4th grade. At any given time, I am the smartest person in the room (especially when I'm by myself). And there's just no way in [beeep] I can do this. I'm not a living computer, I'm just good at conceptualizing and manipulating things in my mind. And I'm getting older so it's not going to get any better.

I'm honestly not worried too much about my privacy. I'm looking forward to getting a chip implanted in me to do away with all of the above. I figure if you have my hand and want to look at my browser history I have bigger problems anyway. Because you have my hand.
 