Does this site really not use https, and uses plaintext passwords? - Page 2 - About the Forums

Everyone who says https is too resource intensive, thats not quite true. Yes, https is more resource intensive than http, and yes, 5 years ago, it was a huge overhead, but now days, https adds a minimum overhead.

There is no reason for https not to be turned on, and not implementing it is a HUGE security floor imo.

Quote

05-13-2012 , 03:19 PM

#27

bav

Carpal \'Tunnel

Join Date: Nov 2005 Posts: 8,123

Quote:

Originally Posted by MrWooster

We already know they've been struggling with inadequate capacity (I think I read that somewhere). Dunno where the bottleneck is, however. If they're struggling with the front-end side of it facing the browsers, adding HTTPS may make the situation worse. On the other hand, if they're having backend DB issues, say, they may have gobs of capacity and won't notice the SSL overhead.

But if they hired a super-high-end security firm to come in and make sure everything was safe and secure, you'd kinda think "ENABLE HTTPS!!!" woulda been pretty high on said company's list of recommendations.

Quote

05-13-2012 , 11:04 PM

#28

Neil S

King of the sidebar

Join Date: Sep 2004 Posts: 19,649

Cookie sniffing is a big deal. It's not enough just to do https logins, not at all.

Quote

05-13-2012 , 11:46 PM

#29

pvn

Guest

Posts: n/a

Quote:

Originally Posted by Neil S

Cookie sniffing is a big deal. It's not enough just to do https logins, not at all.

Cookie sniffing is a big deal but it's a different problem than the problem of stealing passwords.

Implementing full https would be great but doing it just for logins would be better than what we have now and would be a very small increase in resource consumption.

Quote

05-13-2012 , 11:56 PM

#30

Neil S

King of the sidebar

Join Date: Sep 2004 Posts: 19,649

Quote:

Originally Posted by pvn

Is the goal to stop password sniffing or to prevent account hijacks?

Quote

05-15-2012 , 03:30 PM

#31

Count Chocula

banned

Join Date: Dec 2007 Posts: 19,345

cookie sniffing sounds like a weird fetish.

Quote

05-15-2012 , 08:45 PM

#32

Gin 'n Tonic

Carpal \'Tunnel

Join Date: Mar 2005 Posts: 6,305

Quote:

Originally Posted by Count Chocula

Wookie sniffing sounds like a weird fetish.

Fixed.

Quote

05-15-2012 , 09:48 PM

#33

pvn

Guest

Posts: n/a

Quote:

Originally Posted by Gin 'n Tonic

Fixed.

wat

Nothing weird about that IMO.

Quote

05-15-2012 , 10:25 PM

#34

Neil S

King of the sidebar

Join Date: Sep 2004 Posts: 19,649

I bent my wookiee.

Quote

05-17-2012 , 01:06 PM

#35

Gullanian

Carpal \'Tunnel

Join Date: Dec 2006 Posts: 14,014

Quote:

Originally Posted by pvn

Basically impossible/extremely difficult to blanket install https on a website like this that links to so much external content as it will throw up tons of security messages when someone posts an image on a different domain etc.

Doing it on the login/registration pages is a good idea and easy to do though.

Quote

05-17-2012 , 07:26 PM

#36

Neil S

King of the sidebar

Join Date: Sep 2004 Posts: 19,649

Quote:

Originally Posted by Gullanian

Ehh, it's security theater.

Quote

10-22-2015 , 08:16 PM

#37

WowImsobad

journeyman

Join Date: Jun 2009 Posts: 324

You cannot be serious. How old is this vbulletin software as well? Someone could probably just google a vbulletin exploit and there's a good chance it will work.

Unreal, lol.

Quote

10-22-2015 , 08:40 PM

#38

Randomly Banned.

journeyman

Join Date: Aug 2013 Posts: 284

You tell 'em.

Quote

10-22-2015 , 09:49 PM

#39

zikzak

Carpal \'Tunnel

Join Date: Jul 2009 Posts: 22,199

I have been assured that this is nothing to worry about. Also that the sever load for encryption requires more hamsters than 2+2 can afford.

Last edited by zikzak; 10-22-2015 at 09:49 PM. Reason: it's not like the site has ever been hacked or anything

Quote

10-27-2015 , 03:10 AM

#40

FranFran

Fran and stuff

Join Date: Jun 2014 Posts: 20,451

I can explain it, it's not actually a porn

Quote

10-27-2015 , 04:37 AM

#41

Mr.mmmKay

Drugs are bad...

Join Date: May 2011 Posts: 20,176

I heard the pas words have been encrypted using a banana and 2 large Chinese vases

Quote

11-03-2015 , 05:15 AM

#42

herbertstemple

veteran

Join Date: May 2009 Posts: 3,142

April, 2012.

Quote

11-03-2015 , 06:29 AM

#43

Minirra

old hand

Join Date: Mar 2015 Posts: 1,664

Here's your money back

Quote

11-04-2015 , 02:10 PM

#44

Roonil Wazlib

veteran

Join Date: Feb 2014 Posts: 3,333

why does OP think they use plaintext?

wireshark seems to think my password is 3abaf9cb25496efb9f918ba63135249c, which I assure you it isn't.

Quote

11-04-2015 , 02:43 PM

#45

Wiki

Pooh-Bah

Join Date: Mar 2008 Posts: 5,939

Quote:

Originally Posted by Roonil Wazlib

wireshark seems to think my password is 3abaf9cb25496efb9f918ba63135249c, which I assure you it isn't.

Really?

Mine is.

Quote

11-04-2015 , 02:57 PM

#46

Roonil Wazlib

veteran

Join Date: Feb 2014 Posts: 3,333

What a crazy coincidence!

Quote

11-04-2015 , 07:08 PM

#47

zikzak

Carpal \'Tunnel

Join Date: Jul 2009 Posts: 22,199

Quote:

Originally Posted by Roonil Wazlib

why does OP think they use plaintext?

wireshark seems to think my password is 3abaf9cb25496efb9f918ba63135249c, which I assure you it isn't.

Obviously your password is :ºùË%InûŸ‘‹¦15$œ

Quote

11-04-2015 , 09:28 PM

#48

Roonil Wazlib

veteran

Join Date: Feb 2014 Posts: 3,333

Ssshhhhhhhh

Quote

11-05-2015 , 01:09 AM

#49

Banned4lyfe

Sup-Bah? Pop-Bah Pooh-Bear Permanently Pooh-Bah Billy Walters Jr

Join Date: Feb 2013 Posts: 13,932

Mine shows

7c6a180b36896a0a8c02787eeafb0e4c

hmmm

Quote

11-09-2015 , 04:15 AM

#50

gvspa

stranger

Join Date: Nov 2015 Posts: 1

****ingfd trolle

Quote

Page 2 of 6

First

1 2 3 4 5 6

Last

Post Reply Subscribe

...

Page 2 of 6

First

1 2 3 4 5 6

Last