Two Plus Two Publishing LLC Two Plus Two Publishing LLC
 

Go Back   Two Plus Two Poker Forums > >

Notices

About the Forums Here's where you post suggestions about the forums and the software that implements them.

Reply
 
Thread Tools Display Modes
Old 04-23-2017, 06:09 PM   #101
wellju
BSOD and racetrack Ninja
 
wellju's Avatar
 
Join Date: Feb 2010
Location: ALL OF THEM
Posts: 5,247
Re: Does this site really not use https, and uses plaintext passwords?

Ok, is this really it?
The admins of this board just hide and act like nothing happened?

This level of sheer technical incompetence should be illegal. No one with that little idea about the industry he's in, should be able to run a business in that particular industry.

Arguing that SSL would be too costly is the most ridiculous thing I ever heard. If you have ancient hardware not being able to handle CPU instructions from 1996, then go ****ing out of business. And if the hardware is newer than that ... when Google made the switch in 2012, they had a 2% traffic overhead.

Given the fact that users of this board exchange private information in PMs, you should ****ing care.

So now, for once, instead of coming up with bull**** excuses.

Show us that you salted and hashed your passwords. I'm eagerly awaiting the SQL report together with Trumps tax returns.
wellju is offline   Reply With Quote
Old 04-24-2017, 09:21 AM   #102
Neil S
King of the sidebar
 
Neil S's Avatar
 
Join Date: Sep 2004
Location: Northern Virginia
Posts: 17,618
Re: Does this site really not use https, and uses plaintext passwords?

Again, conflating SSL and password hashing issues just discredits the whole movement.
Neil S is offline   Reply With Quote
Old 04-30-2017, 07:17 AM   #103
wellju
BSOD and racetrack Ninja
 
wellju's Avatar
 
Join Date: Feb 2010
Location: ALL OF THEM
Posts: 5,247
Re: Does this site really not use https, and uses plaintext passwords?

Quote:
Originally Posted by Neil S View Post
Again, conflating SSL and password hashing issues just discredits the whole movement.
No, not saying one single word and make up excuses discredits the whole site and the management.

So once again, maybe you get it in your 3rd reading attempt.

This website is storing passwords in a database, in clear text. That's shady and fraudulent. I can not be sure that the passwords even were hacked, if you leave the database unencrypted, I have to assume you're just willing to sell your user data to whomever, as there is no steps taken whatsoever to not compromise the data of your users.
wellju is offline   Reply With Quote
Old 04-30-2017, 09:52 AM   #104
Neil S
King of the sidebar
 
Neil S's Avatar
 
Join Date: Sep 2004
Location: Northern Virginia
Posts: 17,618
Re: Does this site really not use https, and uses plaintext passwords?

Please tell me how installing https on the site would have anything to do with that, genius.
Neil S is offline   Reply With Quote
Old 04-30-2017, 12:10 PM   #105
Noodle Wazlib
just about tolerable
 
Noodle Wazlib's Avatar
 
Join Date: Nov 2015
Location: Drowning in robot chocolate
Posts: 9,193
Re: Does this site really not use https, and uses plaintext passwords?

Quote:
This website is storing passwords in a database, in clear text
[Citation Needed]
Noodle Wazlib is offline   Reply With Quote
Old 04-30-2017, 02:10 PM   #106
Jbrochu
Carpal \'Tunnel
 
Join Date: Jan 2005
Posts: 14,576
Re: Does this site really not use https, and uses plaintext passwords?

Quote:
Originally Posted by Noodle Wazlib View Post
[Citation Needed]

Quote:
Originally Posted by wellju View Post
This website is storing passwords in a database, in clear text.
.
Jbrochu is online now   Reply With Quote
Old 04-30-2017, 02:40 PM   #107
Noodle Wazlib
just about tolerable
 
Noodle Wazlib's Avatar
 
Join Date: Nov 2015
Location: Drowning in robot chocolate
Posts: 9,193
Re: Does this site really not use https, and uses plaintext passwords?

Noodle Wazlib is offline   Reply With Quote
Old 04-30-2017, 11:09 PM   #108
Noodle Wazlib
just about tolerable
 
Noodle Wazlib's Avatar
 
Join Date: Nov 2015
Location: Drowning in robot chocolate
Posts: 9,193
Re: Does this site really not use https, and uses plaintext passwords?

Here's that story about how google gives search priority to sites using https (from 3 years ago):

https://search.slashdot.org/story/14...use-encryption

So being secure is now a form of SEO. Bold move to reduce your own web traffic and keep your users and your site at risk as a business strategy.
Noodle Wazlib is offline   Reply With Quote
Old 05-01-2017, 03:13 AM   #109
Bobo Fett
2+2 Ad Man
 
Bobo Fett's Avatar
 
Join Date: May 2006
Location: Canada, eh!
Posts: 44,376
Re: Does this site really not use https, and uses plaintext passwords?

Quote:
Originally Posted by wellju View Post
This website is storing passwords in a database, in clear text. That's shady and fraudulent.
Even if the passwords were being stored in clear text, I fail to see what would be either shady or fraudulent about that.

What does seem a little...I won't say shady, but questionable...is continually asserting that the passwords are stored in clear text and avoiding peoples' questions about how you know that they are. I mean, I understand that it's entirely possible that you've missed other threads where 2+2 administration has posted that the passwords were encrypted, but I'd think that if you're going to assert that they are stored in clear text, you could share how you know this. Is Mat mistaken?

http://forumserver.twoplustwo.com/29...orums-1648366/

On the issue of SSL, this has come up in the mod forum before, and the last post I've seen from Chuck on the matter said that he was trying to find a solution for login only (he was concerned that implementing sitewide could cause some problems), and hadn't yet been able to find one yet. That was some time ago, so I'll see if he has an update on this.
Bobo Fett is offline   Reply With Quote
Old 05-01-2017, 09:55 AM   #110
Noodle Wazlib
just about tolerable
 
Noodle Wazlib's Avatar
 
Join Date: Nov 2015
Location: Drowning in robot chocolate
Posts: 9,193
Re: Does this site really not use https, and uses plaintext passwords?

http://stackoverflow.com/questions/2...site-in-apache

One whole google search.

Also, please tell me mat was confusing hashing with encryption, because if he wasn't then the passwords were basically in clear text.
Noodle Wazlib is offline   Reply With Quote
Old 05-01-2017, 10:09 AM   #111
Neil S
King of the sidebar
 
Neil S's Avatar
 
Join Date: Sep 2004
Location: Northern Virginia
Posts: 17,618
Re: Does this site really not use https, and uses plaintext passwords?

Just checked. vBulletin uses md5( md5(password) + salt) to store its passwords.

md5 has since been broken open, but "storing in plain text" is hyperbolic.
Neil S is offline   Reply With Quote
Old 05-01-2017, 10:19 AM   #112
Noodle Wazlib
just about tolerable
 
Noodle Wazlib's Avatar
 
Join Date: Nov 2015
Location: Drowning in robot chocolate
Posts: 9,193
Re: Does this site really not use https, and uses plaintext passwords?

Have there been attacks aside from collisions? I wouldn't be super worried about collisions given salts were used.

I mean, i know the heads of the crypto world consider md5 dead, but it's still decent protection (read: more than none) for a site like this.
Noodle Wazlib is offline   Reply With Quote
Old 05-01-2017, 02:33 PM   #113
Mat Sklansky
Administrator
 
Join Date: Aug 2002
Location: This just seems ridiculous to me
Posts: 8,320
Re: Does this site really not use https, and uses plaintext passwords?

anything i said would have been me repeating something chuck said or i thought he said. i'm going to have him post in this thread addressing anything that needs to be adressed
Mat Sklansky is online now   Reply With Quote
Old 05-02-2017, 12:06 AM   #114
zikzak
Carpal \'Tunnel
 
zikzak's Avatar
 
Join Date: Jul 2009
Posts: 18,055
Re: Does this site really not use https, and uses plaintext passwords?

...8 years later.
zikzak is offline   Reply With Quote
Old 05-03-2017, 04:40 PM   #115
Noodle Wazlib
just about tolerable
 
Noodle Wazlib's Avatar
 
Join Date: Nov 2015
Location: Drowning in robot chocolate
Posts: 9,193
Re: Does this site really not use https, and uses plaintext passwords?

waiting for Chuck's first post in this thread for its entire 8 year existence
Noodle Wazlib is offline   Reply With Quote
Old 05-03-2017, 05:41 PM   #116
Jbrochu
Carpal \'Tunnel
 
Join Date: Jan 2005
Posts: 14,576
Re: Does this site really not use https, and uses plaintext passwords?

He said something about salt and then went and smoked some hash.
Jbrochu is online now   Reply With Quote
Old 05-08-2017, 08:33 AM   #117
Noodle Wazlib
just about tolerable
 
Noodle Wazlib's Avatar
 
Join Date: Nov 2015
Location: Drowning in robot chocolate
Posts: 9,193
Re: Does this site really not use https, and uses plaintext passwords?

Chances we hear something this week?
Noodle Wazlib is offline   Reply With Quote
Old Yesterday, 10:28 AM   #118
Noodle Wazlib
just about tolerable
 
Noodle Wazlib's Avatar
 
Join Date: Nov 2015
Location: Drowning in robot chocolate
Posts: 9,193
Re: Does this site really not use https, and uses plaintext passwords?

Chances we hear something this month?
Noodle Wazlib is offline   Reply With Quote

Reply
      

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Forum Jump


All times are GMT -4. The time now is 10:25 PM.


Powered by vBulletin®
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
Search Engine Optimisation provided by DragonByte SEO v2.0.33 (Pro) - vBulletin Mods & Addons Copyright © 2017 DragonByte Technologies Ltd.
Copyright ę 2008-2010, Two Plus Two Interactive
 
 
Poker Players - Streaming Live Online