
Insecure Login


elskare

Guard
I love this site but Firefox warns me that the login is insecure and my password could be stolen because no https or other encrypted connection is available. Any idea when it will be available?
 
buy antivirus or even 2 some time 2 can works together, on firewall buy and enter to ur computer monitor without camera to not give to overattached stalker to watch u when u sleep. :oops:
 
An https login will be expensive for the site owner. Other sites need this function more, for example sales sites or banking sites, not this hobby and fun site. Just ignore the warning!
The lack of a secure login means that your login (username/password) is in the clear and theoretically (if someone is listening on the network or monitoring your Wi-Fi) your credentials can be read and someone else can log in as you. So, suppose someone does log in as you.
(1) They can post in your name.
(2) They can read and modify your profile.
(3) They can IM other people and the recipient will think the messages are from you. They can read your correspondence.
So what can that do? It can give you a bad name on the site, and tick off others, even your friends.
Your profile can be altered to make you look bad.
What else? No credit cards. If your profile is a little dishonest anyway (mine is--my birthday is wrong, my location is general), and I believe most people's are--some don't even give their location or gender, there is little harm done. Are they going to locate every military firing range in the UK to track down Racing Rodent?
It takes some effort and skill to read a login over a network--pluck it out of the formatted "packets" you intercept. If there is malware on your machine that does it, or malware on one of the other machines on your trusted local network, you have a lot more worries than your crux forums credentials being stolen. If the crux forums site itself has malware, things can be stolen anyway, https or no.
If you are donating to the site, someone could up your contribution. That may hurt you but doesn't really help them.
Is there anything else anyone can think of? I assume most people don't have credit card numbers, home addresses, or telephone numbers on this site.
(Of course if anyone pisses off Tree when posing as you, he may come looking for you. But, can he find you through the Seagram's fog using the vague information in your profile? It is, as Holmes would say, probably not "elementary".)
 
Excellent analysis. The likelihood and motivation for someone to hijack your identity here is very low.
One danger you didn't mention. I know some here post more "confidential" information in private conversations. These too would be open to a hacker. Personally, I do, but, as a retired divorced man in the closing decades of my life, I little fear any of my stuff here "coming out." Those whose livelihood and relationships might be jeopardized should be more careful about information to trace them.
 
Thanks Frank and PrPr - as I understand it, https is important if you're banking or buying things online,
it ensures your bank details, card nos etc are encrypted, but none of that applies here.
Contributions to help the site are dealt with quite separately and confidentially
by the site-owner, ImageMaker, using secure channels.

I'd only add that, in nearly 8 years here, most of that time on the staff,
I've never been aware of any malware or suchlike infections,
we - and our service provider XenForo - actually have pretty good security systems and firewalls.
Of course it's prudent to have good protection of your own,
I use Malwarebytes Premium and sometimes get warnings to avoid sites that members have posted links to
(no doubt in good faith and innocence - Malwarebytes is hyper-sensitive and often the sites are reasonably safe,
but may have dodgy links in them, unwanted popups etc.)
 
If your profile is a little dishonest anyway (mine is--my birthday is wrong,
Well, then I take back any birthday wishes I might have posted!

I am a renowned international celebrity in real life, but these days scandal only increases one's value, so go ahead, hackers ;)

Seriously, most of the breaches that have made the news have been of the sites themselves rather than the traffic in transit, as that gives far more info to the crooks than stealing from individuals. Is XenForo unhackable? Since the Pentagon, NSA, banks, and giant corporations have been hacked, obviously not. But the likely yield in dollars from hacking this site is minuscule compared to those targets, so they are unlikely to bother. My account is linked to an anonymous email unrelated to my real name, which is......, so go ahead, punks, make my day!
 
Of course any site can be hacked. Having https makes no difference to that.
But if we ever had been hacked, I'd have certainly got to hear of it.
And I was referring to security against malware etc., we've kept squeaky clean from that kind of stuff too.
 
My concern is not that somebody hijacks my account here or steals my credit card number (which I won't use here anyway).
My concern is that whatever I transmit from my notebook to this lovely forum is transmitted in an easily readable way. Any hacker with beginner knowledge, or even worse, any technician at my Internet Provider can read what I am writing or downloading here. And that is sensitive in a way.
 

Hmmm. I’m at a point in my life that "Publish and be damned!" is a viable option. Some of my family and friends might be creeped out, but my career isn’t on the line.
 
Surely you mean this fellow. :rolleyes:


One MILLION dollars!!!
I’m at a point in my life that "Publish and be damned!" is a viable option.
It's better than "Publish or Perish"
Any hacker with beginner knowledge, or even worse, any technician at my Internet Provider can read what I am writing or downloading here.
Sure, but do you really think they are? Even if it were encrypted, they would know you are posting at CruxForums. There are many things I worry about in life--climate change, wars, cancer, financial crashes, the heartbreak of psoriasis--but that is down the list.
 
My concern is that whatever I transmit from my notebook to this lovely forum is transmitted in an easily readable way. Any hacker with beginner knowledge, or even worse, any technician at my Internet Provider can read what I am writing or downloading here. And that is sensitive in a way.

In fact, anything we post here can be seen by anyone who finds the site,
just looking as 'guests', without needing to register.
Only they can't enlarge thumbnail pictures or play videos,
or - of course - post anything or start conversations.
 
My concern is not that somebody hijacks my account here or steals my credit card number (which I won't use here anyway).
My concern is that whatever I transmit from my notebook to this lovely forum is transmitted in an easily readable way. Any hacker with beginner knowledge, or even worse, any technician at my Internet Provider can read what I am writing or downloading here. And that is sensitive in a way.
If you want online privacy then use a VPN. There are several free ones available. To be honest I think you are worrying about nothing.
 
Hi,

I have a question: Would it be possible to enable secure (HTTPS) connections to this site? Right now, everything done on this site (logging in with password, uploading and receiving pictures and stories) is insecure.

Thanks
MoN

As much as I respect the owners of this site, which I do, I agree. No complaints otherwise because I think this is an excellent platform and very well run. Having that little extra might be a way forward.
 