Site not using SSL

Get your nerd on.
outtatime
Posts: 1708
Joined: Sat Jan 12, 2013 7:42 pm
Name: Jon
Location: Ohio

Site not using SSL

Post by outtatime » Thu Apr 25, 2019 9:00 am

I guess I’ve never really noticed much because I’m usually on my phone, but it just dawned on me that this site isn’t set up to use SSL. That means anytime we log in, our username/password could easily be intercepted.

Might want to look into it.
Current
Alpina Extreme Diver 300 | Benarus Ti47 | Breitling Avenger Seawolf | Eterna KonTiki Super 1973 | Hamilton Jazzmaster Viewmatic | Hamilton Pan Europ | IWC Aquatimer 2000 | Korsbek Oceaneer | Linde Werdelin The One 2.6 | Omega Seamaster 300 Spectre | Omega Seamaster 300 Titanium | Omega Seamaster 2531.80 | Omega Speedmaster Broad Arrow | Panerai 005 | Rolex Deepsea | Steinhart Nav-B 6497 | Steinhart Ocean Vintage Military | Stowa Seatime | Zenith El Primero Stratos

Incoming


Considering
PAM 422 | AP Royal Oak 15400 Silver | Rolex Explorer II 42mm Polar | Omega PO 8500 XL


Sometimes it's easier just to watch

User avatar
logan2z
IT Admin
Posts: 11739
Joined: Sat Nov 24, 2012 1:08 am
Name: Andrew
Location: SF Bay Area, CA

Re: Site not using SSL

Post by logan2z » Thu Apr 25, 2019 9:09 am

It's something that's been on my to-do list for a while, just haven't got to it yet.

FWIW, intercepting the username/password isn't something that is done 'easily'. One would need to orchestrate a man-in-the-middle-attack or be able to snoop the traffic on/leaving your local network. I don't think there would be much incentive for someone to go to all of that trouble to impersonate you on a watch forum. If this were an e-commerce site that would be a different matter.

User avatar
demer03
Current Forecast: Vintage Doxa
Posts: 19575
Joined: Fri Dec 04, 2009 2:41 pm
Name: Mike
Location: Lake Michigami

Re: Site not using SSL

Post by demer03 » Thu Apr 25, 2019 9:27 am

I just noticed in the URL bar it says “not secure”
Old Michigan steams like a young man's dreams
The islands and bays are for sportsmen

Image

User avatar
logan2z
IT Admin
Posts: 11739
Joined: Sat Nov 24, 2012 1:08 am
Name: Andrew
Location: SF Bay Area, CA

Re: Site not using SSL

Post by logan2z » Thu Apr 25, 2019 9:41 am

demer03 wrote:
Thu Apr 25, 2019 9:27 am
I just noticed in the URL bar it says “not secure”
Right, that's because the site isn't using HTTPS.

outtatime
Posts: 1708
Joined: Sat Jan 12, 2013 7:42 pm
Name: Jon
Location: Ohio

Re: Site not using SSL

Post by outtatime » Thu Apr 25, 2019 9:48 am

logan2z wrote:
Thu Apr 25, 2019 9:09 am
It's something that's been on my to-do list for a while, just haven't got to it yet.

FWIW, intercepting the username/password isn't something that is done 'easily'. One would need to orchestrate a man-in-the-middle-attack or be able to snoop the traffic on/leaving your local network. I don't think there would be much incentive for someone to go to all of that trouble to impersonate you on a watch forum. If this were an e-commerce site that would be a different matter.
I will respectfully disagree, but sure.
Current
Alpina Extreme Diver 300 | Benarus Ti47 | Breitling Avenger Seawolf | Eterna KonTiki Super 1973 | Hamilton Jazzmaster Viewmatic | Hamilton Pan Europ | IWC Aquatimer 2000 | Korsbek Oceaneer | Linde Werdelin The One 2.6 | Omega Seamaster 300 Spectre | Omega Seamaster 300 Titanium | Omega Seamaster 2531.80 | Omega Speedmaster Broad Arrow | Panerai 005 | Rolex Deepsea | Steinhart Nav-B 6497 | Steinhart Ocean Vintage Military | Stowa Seatime | Zenith El Primero Stratos

Incoming


Considering
PAM 422 | AP Royal Oak 15400 Silver | Rolex Explorer II 42mm Polar | Omega PO 8500 XL


Sometimes it's easier just to watch

User avatar
logan2z
IT Admin
Posts: 11739
Joined: Sat Nov 24, 2012 1:08 am
Name: Andrew
Location: SF Bay Area, CA

Re: Site not using SSL

Post by logan2z » Thu Apr 25, 2019 9:58 am

outtatime wrote:
Thu Apr 25, 2019 9:48 am
logan2z wrote:
Thu Apr 25, 2019 9:09 am
It's something that's been on my to-do list for a while, just haven't got to it yet.

FWIW, intercepting the username/password isn't something that is done 'easily'. One would need to orchestrate a man-in-the-middle-attack or be able to snoop the traffic on/leaving your local network. I don't think there would be much incentive for someone to go to all of that trouble to impersonate you on a watch forum. If this were an e-commerce site that would be a different matter.
I will respectfully disagree, but sure.
With which part?

User avatar
demer03
Current Forecast: Vintage Doxa
Posts: 19575
Joined: Fri Dec 04, 2009 2:41 pm
Name: Mike
Location: Lake Michigami

Re: Site not using SSL

Post by demer03 » Thu Apr 25, 2019 10:39 am

logan2z wrote:
Thu Apr 25, 2019 9:41 am
demer03 wrote:
Thu Apr 25, 2019 9:27 am
I just noticed in the URL bar it says “not secure”
Right, that's because the site isn't using HTTPS.
....you know I don’t speak Spanish....
Old Michigan steams like a young man's dreams
The islands and bays are for sportsmen

Image

User avatar
mattcantwin
mattcreatestonsofwatchrelateddrama
Posts: 18489
Joined: Wed Dec 02, 2009 3:53 pm

Re: Site not using SSL

Post by mattcantwin » Thu Apr 25, 2019 10:44 am

logan2z wrote:
Thu Apr 25, 2019 9:09 am
It's something that's been on my to-do list for a while, just haven't got to it yet.

FWIW, intercepting the username/password isn't something that is done 'easily'. One would need to orchestrate a man-in-the-middle-attack or be able to snoop the traffic on/leaving your local network. I don't think there would be much incentive for someone to go to all of that trouble to impersonate you on a watch forum. If this were an e-commerce site that would be a different matter.
If I start posting about all-night sex sessions...


It’s not me. :raised:
Image

User avatar
logan2z
IT Admin
Posts: 11739
Joined: Sat Nov 24, 2012 1:08 am
Name: Andrew
Location: SF Bay Area, CA

Re: Site not using SSL

Post by logan2z » Thu Apr 25, 2019 10:47 am

demer03 wrote:
Thu Apr 25, 2019 10:39 am
logan2z wrote:
Thu Apr 25, 2019 9:41 am
demer03 wrote:
Thu Apr 25, 2019 9:27 am
I just noticed in the URL bar it says “not secure”
Right, that's because the site isn't using HTTPS.
....you know I don’t speak Spanish....
:) Your web browser is telling you that the data transferred between it and the site is not encrypted. So if a hacker had the wherewithal, he could potentially snoop that data as it's transferred over the network.

User avatar
toxicavenger
President Tranny
Posts: 48084
Joined: Fri Mar 12, 2010 8:25 am
Name: HeadDIK
Location: Colorado Springs

Re: Site not using SSL

Post by toxicavenger » Thu Apr 25, 2019 11:38 am

Basically what Andrew is trying to tell you all is that it's not needed on a site that does not use banking information or any personal information. The only thing this site uses is a username and password.

User avatar
logan2z
IT Admin
Posts: 11739
Joined: Sat Nov 24, 2012 1:08 am
Name: Andrew
Location: SF Bay Area, CA

Re: Site not using SSL

Post by logan2z » Thu Apr 25, 2019 11:57 am

toxicavenger wrote:
Thu Apr 25, 2019 11:38 am
Basically what Andrew is trying to tell you all is that it's not needed on a site that does not use banking information or any personal information. The only thing this site uses is a username and password.
I'm saying that it's less critical on a site that doesn't accept things like credit cards and other personal information. However, it is still possible for a clever hacker to steal a username/password that is not sent over a secure connection. If one happens to use this same username/password at other sites (eg. bank, e-commerce sites, etc - never do this!) then the stolen credentials could be used to compromise accounts at those sites.

As I mentioned before, I've been aware of the lack of an SSL connection to DWC for a while and will look into configuring the site for HTTPS shortly.

User avatar
Joeprez
Wants to see pics of your wife
Posts: 13842
Joined: Mon Apr 22, 2013 5:36 am
Name: Joe
Location: Puerto Rico

Re: Site not using SSL

Post by Joeprez » Thu Apr 25, 2019 12:18 pm

Now if your DWC password is the same as your bank login password... then you're a dumbass :lol:
Image

Omega / Tudor / Rolex / Sinn / Doxa / Seiko

User avatar
Panerai7
Posts: 16728
Joined: Mon Mar 11, 2013 8:09 pm
Name: Art
Location: North Carolina

Re: Site not using SSL

Post by Panerai7 » Thu Apr 25, 2019 12:53 pm

Joeprez wrote:
Thu Apr 25, 2019 12:18 pm
Now if your DWC password is the same as your bank login password... then you're a dumbass :lol:
What about using your SS# as your password, is that okay? ;)

User avatar
james80
Posts: 3443
Joined: Mon Sep 14, 2015 1:56 pm
Name: James
Location: A Brit lost in the Caribbean

Site not using SSL

Post by james80 » Thu Apr 25, 2019 12:57 pm

But aren’t all passwords supposed to be the same? You know your name and 123

User avatar
logan2z
IT Admin
Posts: 11739
Joined: Sat Nov 24, 2012 1:08 am
Name: Andrew
Location: SF Bay Area, CA

Re: Site not using SSL

Post by logan2z » Thu Apr 25, 2019 12:58 pm

Joeprez wrote:
Thu Apr 25, 2019 12:18 pm
Now if your DWC password is the same as your bank login password... then you're a dumbass :lol:
You'd be surprised how many people do things like this. Stupidity is the leading cause of computer hacks.

User avatar
nweash
Posts: 4800
Joined: Tue Jul 22, 2014 9:52 pm
Name: Nick
Location: High Hill, CA

Re: Site not using SSL

Post by nweash » Thu Apr 25, 2019 1:19 pm

I used to. Then someone got my TRF password which got into my icloud account. Then I changed everything and use keeper. It’s tedious at first but so damn convenient.

User avatar
mattcantwin
mattcreatestonsofwatchrelateddrama
Posts: 18489
Joined: Wed Dec 02, 2009 3:53 pm

Re: Site not using SSL

Post by mattcantwin » Thu Apr 25, 2019 1:20 pm

Image
Image

User avatar
demer03
Current Forecast: Vintage Doxa
Posts: 19575
Joined: Fri Dec 04, 2009 2:41 pm
Name: Mike
Location: Lake Michigami

Re: Site not using SSL

Post by demer03 » Thu Apr 25, 2019 1:24 pm

Joeprez wrote:
Thu Apr 25, 2019 12:18 pm
Now if your DWC password is the same as your bank login password... then you're a dumbass :lol:
What if it’s the same as my luggage?

(Thinly veiled Spaceballs reference)
Old Michigan steams like a young man's dreams
The islands and bays are for sportsmen

Image

User avatar
Joeprez
Wants to see pics of your wife
Posts: 13842
Joined: Mon Apr 22, 2013 5:36 am
Name: Joe
Location: Puerto Rico

Re: Site not using SSL

Post by Joeprez » Thu Apr 25, 2019 1:26 pm

Panerai7 wrote:
Thu Apr 25, 2019 12:53 pm
Joeprez wrote:
Thu Apr 25, 2019 12:18 pm
Now if your DWC password is the same as your bank login password... then you're a dumbass :lol:
What about using your SS# as your password, is that okay? ;)
That's what I use! :dance:
Image

Omega / Tudor / Rolex / Sinn / Doxa / Seiko

User avatar
Chocodove
Posts: 8940
Joined: Mon Jun 17, 2013 1:35 pm
Name: Todd
Location: NJ

Re: Site not using SSL

Post by Chocodove » Thu Apr 25, 2019 1:54 pm

demer03 wrote:
Joeprez wrote:
Thu Apr 25, 2019 12:18 pm
Now if your DWC password is the same as your bank login password... then you're a dumbass :lol:
What if it’s the same as my luggage?

(Thinly veiled Spaceballs reference)
You’re druish?
- Todd

User avatar
BacoNoir
Posts: 6392
Joined: Tue May 10, 2016 6:33 pm
Name: Roger
Location: Colorado

Re: Site not using SSL

Post by BacoNoir » Thu Apr 25, 2019 7:54 pm

mattcantwin wrote:Image
LOL - when I use to be a federal employee our system made us change passwords every 90 days and after a while I got frustrated and started using stuff like GoFuckYourself!
www.simplynoble.net
Time Magazine Person of the Year - 2006

Image

User avatar
hoppyjr
HJ
Posts: 39665
Joined: Thu Feb 24, 2011 9:05 am
Name: Hoppy

Re: Site not using SSL

Post by hoppyjr » Thu Apr 25, 2019 8:04 pm

james80 wrote:But aren’t all passwords supposed to be the same? You know your name and 123

I thought we were supposed to use “password” ???

User avatar
ChuckW
Posts: 1612
Joined: Sun Nov 27, 2011 5:59 pm
Name: Chuck
Location: Atlanta

Re: Site not using SSL

Post by ChuckW » Thu Apr 25, 2019 9:35 pm

BacoNoir wrote:
Thu Apr 25, 2019 7:54 pm
mattcantwin wrote:Image
LOL - when I use to be a federal employee our system made us change passwords every 90 days and after a while I got frustrated and started using stuff like GoFuckYourself!
"You will give us the password or we will continue with the thumb screws."

"GoFuckYourself!"

"I see we will have to use more aggressive persuasion."
No, it's not Tourettes.

User avatar
Panerai7
Posts: 16728
Joined: Mon Mar 11, 2013 8:09 pm
Name: Art
Location: North Carolina

Re: Site not using SSL

Post by Panerai7 » Fri Apr 26, 2019 7:24 am

Joeprez wrote:
Thu Apr 25, 2019 1:26 pm
Panerai7 wrote:
Thu Apr 25, 2019 12:53 pm
Joeprez wrote:
Thu Apr 25, 2019 12:18 pm
Now if your DWC password is the same as your bank login password... then you're a dumbass :lol:
What about using your SS# as your password, is that okay? ;)
That's what I use! :dance:
Great minds... :)

User avatar
toxicavenger
President Tranny
Posts: 48084
Joined: Fri Mar 12, 2010 8:25 am
Name: HeadDIK
Location: Colorado Springs

Re: Site not using SSL

Post by toxicavenger » Fri Apr 26, 2019 7:25 am


for moke

Post Reply

Who is online

Users browsing this forum: No registered users and 73 guests