Site not using SSL
Site not using SSL
I guess I’ve never really noticed much because I’m usually on my phone, but it just dawned on me that this site isn’t set up to use SSL. That means anytime we log in, our username/password could easily be intercepted.
Might want to look into it.
Might want to look into it.
Current
Alpina Extreme Diver 300 | Benarus Ti47 | Breitling Avenger Seawolf | Eterna KonTiki Super 1973 | Hamilton Jazzmaster Viewmatic | Hamilton Pan Europ | IWC Aquatimer 2000 | Korsbek Oceaneer | Linde Werdelin The One 2.6 | Omega Seamaster 300 Spectre | Omega Seamaster 300 Titanium | Omega Seamaster 2531.80 | Omega Speedmaster Broad Arrow | Panerai 005 | Rolex Deepsea | Steinhart Nav-B 6497 | Steinhart Ocean Vintage Military | Stowa Seatime | Zenith El Primero Stratos
Incoming
Considering
PAM 422 | AP Royal Oak 15400 Silver | Rolex Explorer II 42mm Polar | Omega PO 8500 XL
Sometimes it's easier just to watch
Alpina Extreme Diver 300 | Benarus Ti47 | Breitling Avenger Seawolf | Eterna KonTiki Super 1973 | Hamilton Jazzmaster Viewmatic | Hamilton Pan Europ | IWC Aquatimer 2000 | Korsbek Oceaneer | Linde Werdelin The One 2.6 | Omega Seamaster 300 Spectre | Omega Seamaster 300 Titanium | Omega Seamaster 2531.80 | Omega Speedmaster Broad Arrow | Panerai 005 | Rolex Deepsea | Steinhart Nav-B 6497 | Steinhart Ocean Vintage Military | Stowa Seatime | Zenith El Primero Stratos
Incoming
Considering
PAM 422 | AP Royal Oak 15400 Silver | Rolex Explorer II 42mm Polar | Omega PO 8500 XL
Sometimes it's easier just to watch
- logan2z
- IT Admin
- Posts: 11739
- Joined: Sat Nov 24, 2012 1:08 am
- Name: Andrew
- Location: SF Bay Area, CA
Re: Site not using SSL
It's something that's been on my to-do list for a while, just haven't got to it yet.
FWIW, intercepting the username/password isn't something that is done 'easily'. One would need to orchestrate a man-in-the-middle-attack or be able to snoop the traffic on/leaving your local network. I don't think there would be much incentive for someone to go to all of that trouble to impersonate you on a watch forum. If this were an e-commerce site that would be a different matter.
FWIW, intercepting the username/password isn't something that is done 'easily'. One would need to orchestrate a man-in-the-middle-attack or be able to snoop the traffic on/leaving your local network. I don't think there would be much incentive for someone to go to all of that trouble to impersonate you on a watch forum. If this were an e-commerce site that would be a different matter.
- demer03
- Current Forecast: Vintage Doxa
- Posts: 19576
- Joined: Fri Dec 04, 2009 2:41 pm
- Name: Mike
- Location: Lake Michigami
Re: Site not using SSL
I just noticed in the URL bar it says “not secure”
Old Michigan steams like a young man's dreams
The islands and bays are for sportsmen
The islands and bays are for sportsmen
Re: Site not using SSL
I will respectfully disagree, but sure.logan2z wrote: ↑Thu Apr 25, 2019 9:09 amIt's something that's been on my to-do list for a while, just haven't got to it yet.
FWIW, intercepting the username/password isn't something that is done 'easily'. One would need to orchestrate a man-in-the-middle-attack or be able to snoop the traffic on/leaving your local network. I don't think there would be much incentive for someone to go to all of that trouble to impersonate you on a watch forum. If this were an e-commerce site that would be a different matter.
Current
Alpina Extreme Diver 300 | Benarus Ti47 | Breitling Avenger Seawolf | Eterna KonTiki Super 1973 | Hamilton Jazzmaster Viewmatic | Hamilton Pan Europ | IWC Aquatimer 2000 | Korsbek Oceaneer | Linde Werdelin The One 2.6 | Omega Seamaster 300 Spectre | Omega Seamaster 300 Titanium | Omega Seamaster 2531.80 | Omega Speedmaster Broad Arrow | Panerai 005 | Rolex Deepsea | Steinhart Nav-B 6497 | Steinhart Ocean Vintage Military | Stowa Seatime | Zenith El Primero Stratos
Incoming
Considering
PAM 422 | AP Royal Oak 15400 Silver | Rolex Explorer II 42mm Polar | Omega PO 8500 XL
Sometimes it's easier just to watch
Alpina Extreme Diver 300 | Benarus Ti47 | Breitling Avenger Seawolf | Eterna KonTiki Super 1973 | Hamilton Jazzmaster Viewmatic | Hamilton Pan Europ | IWC Aquatimer 2000 | Korsbek Oceaneer | Linde Werdelin The One 2.6 | Omega Seamaster 300 Spectre | Omega Seamaster 300 Titanium | Omega Seamaster 2531.80 | Omega Speedmaster Broad Arrow | Panerai 005 | Rolex Deepsea | Steinhart Nav-B 6497 | Steinhart Ocean Vintage Military | Stowa Seatime | Zenith El Primero Stratos
Incoming
Considering
PAM 422 | AP Royal Oak 15400 Silver | Rolex Explorer II 42mm Polar | Omega PO 8500 XL
Sometimes it's easier just to watch
- logan2z
- IT Admin
- Posts: 11739
- Joined: Sat Nov 24, 2012 1:08 am
- Name: Andrew
- Location: SF Bay Area, CA
Re: Site not using SSL
With which part?outtatime wrote: ↑Thu Apr 25, 2019 9:48 amI will respectfully disagree, but sure.logan2z wrote: ↑Thu Apr 25, 2019 9:09 amIt's something that's been on my to-do list for a while, just haven't got to it yet.
FWIW, intercepting the username/password isn't something that is done 'easily'. One would need to orchestrate a man-in-the-middle-attack or be able to snoop the traffic on/leaving your local network. I don't think there would be much incentive for someone to go to all of that trouble to impersonate you on a watch forum. If this were an e-commerce site that would be a different matter.
- demer03
- Current Forecast: Vintage Doxa
- Posts: 19576
- Joined: Fri Dec 04, 2009 2:41 pm
- Name: Mike
- Location: Lake Michigami
Re: Site not using SSL
....you know I don’t speak Spanish....
Old Michigan steams like a young man's dreams
The islands and bays are for sportsmen
The islands and bays are for sportsmen
- mattcantwin
- mattcreatestonsofwatchrelateddrama
- Posts: 18489
- Joined: Wed Dec 02, 2009 3:53 pm
Re: Site not using SSL
If I start posting about all-night sex sessions...logan2z wrote: ↑Thu Apr 25, 2019 9:09 amIt's something that's been on my to-do list for a while, just haven't got to it yet.
FWIW, intercepting the username/password isn't something that is done 'easily'. One would need to orchestrate a man-in-the-middle-attack or be able to snoop the traffic on/leaving your local network. I don't think there would be much incentive for someone to go to all of that trouble to impersonate you on a watch forum. If this were an e-commerce site that would be a different matter.
It’s not me.
- logan2z
- IT Admin
- Posts: 11739
- Joined: Sat Nov 24, 2012 1:08 am
- Name: Andrew
- Location: SF Bay Area, CA
Re: Site not using SSL
Your web browser is telling you that the data transferred between it and the site is not encrypted. So if a hacker had the wherewithal, he could potentially snoop that data as it's transferred over the network.
- toxicavenger
- President Tranny
- Posts: 48085
- Joined: Fri Mar 12, 2010 8:25 am
- Name: HeadDIK
- Location: Colorado Springs
Re: Site not using SSL
Basically what Andrew is trying to tell you all is that it's not needed on a site that does not use banking information or any personal information. The only thing this site uses is a username and password.
Website: http://smallwhitestubbies.com/
- logan2z
- IT Admin
- Posts: 11739
- Joined: Sat Nov 24, 2012 1:08 am
- Name: Andrew
- Location: SF Bay Area, CA
Re: Site not using SSL
I'm saying that it's less critical on a site that doesn't accept things like credit cards and other personal information. However, it is still possible for a clever hacker to steal a username/password that is not sent over a secure connection. If one happens to use this same username/password at other sites (eg. bank, e-commerce sites, etc - never do this!) then the stolen credentials could be used to compromise accounts at those sites.toxicavenger wrote: ↑Thu Apr 25, 2019 11:38 amBasically what Andrew is trying to tell you all is that it's not needed on a site that does not use banking information or any personal information. The only thing this site uses is a username and password.
As I mentioned before, I've been aware of the lack of an SSL connection to DWC for a while and will look into configuring the site for HTTPS shortly.
- Joeprez
- Wants to see pics of your wife
- Posts: 13843
- Joined: Mon Apr 22, 2013 5:36 am
- Name: Joe
- Location: Puerto Rico
Re: Site not using SSL
Now if your DWC password is the same as your bank login password... then you're a dumbass
Omega / Tudor / Rolex / Sinn / Doxa / Seiko
- james80
- Posts: 3443
- Joined: Mon Sep 14, 2015 1:56 pm
- Name: James
- Location: A Brit lost in the Caribbean
Site not using SSL
But aren’t all passwords supposed to be the same? You know your name and 123
Re: Site not using SSL
I used to. Then someone got my TRF password which got into my icloud account. Then I changed everything and use keeper. It’s tedious at first but so damn convenient.
- mattcantwin
- mattcreatestonsofwatchrelateddrama
- Posts: 18489
- Joined: Wed Dec 02, 2009 3:53 pm
- demer03
- Current Forecast: Vintage Doxa
- Posts: 19576
- Joined: Fri Dec 04, 2009 2:41 pm
- Name: Mike
- Location: Lake Michigami
Re: Site not using SSL
What if it’s the same as my luggage?
(Thinly veiled Spaceballs reference)
Old Michigan steams like a young man's dreams
The islands and bays are for sportsmen
The islands and bays are for sportsmen
- Joeprez
- Wants to see pics of your wife
- Posts: 13843
- Joined: Mon Apr 22, 2013 5:36 am
- Name: Joe
- Location: Puerto Rico
Re: Site not using SSL
LOL - when I use to be a federal employee our system made us change passwords every 90 days and after a while I got frustrated and started using stuff like GoFuckYourself!mattcantwin wrote:
Re: Site not using SSL
james80 wrote:But aren’t all passwords supposed to be the same? You know your name and 123
I thought we were supposed to use “password” ???
Re: Site not using SSL
"You will give us the password or we will continue with the thumb screws."
"GoFuckYourself!"
"I see we will have to use more aggressive persuasion."
No, it's not Tourettes.
Re: Site not using SSL
Great minds...
- toxicavenger
- President Tranny
- Posts: 48085
- Joined: Fri Mar 12, 2010 8:25 am
- Name: HeadDIK
- Location: Colorado Springs
Who is online
Users browsing this forum: No registered users and 100 guests