HTTPS removed - passwords unsafe

Nes4life
Senior Members
Posted: 22 Jul 2019 at 9:17am
I'd like to ask what is being done to add HTTPS back to the forum? 

I understand there was an issue a while back but completely removing HTTPS means that anyone entering their password into the site on a public wifi or network is essentially broadcasting their login details to everyone on that network (packet sniffers are trivial to install and use). Think about that next time you're in Starbucks, at an airport or a train station!

I know this isn't a banking site but I'm sure there's a good number of people reusing a common password that would get you into their email account for example. If you're such a person please read: https://grynersec.com/choosing-secure-memorable-passwords/

This forum is awesome but let's make it secure. I've now made the announcement but it would've been a nice courtesy if someone on the admin team had done so when HTTPS was removed and left as a sticky warning at the top of the site (apologies if this was explained somewhere but I've missed it).

EDIT: Found the thread where I believe HTTPS was removed to resolve the issue. Let's get a proper fix in. http://www.ukvac.com/forum/security-warning-on-mozilla-mac_topic356801.html


Edited by Nes4life - 22 Jul 2019 at 9:20am
NES4Life
-------------

devtty0
User
Posted: 22 Jul 2019 at 9:26am
For adding trusted, free certificates, https://letsencrypt.org/ works well, and is well established now.
wanted :
sega model 3 racing games
namco system 22 racing games
model 3 to naomi psu adapter

bobbydilley
User
Posted: 22 Jul 2019 at 10:54am
Or using Cloudflare would allow you to use HTTPS from client to Cloudflare (simply a change of nameservers and it's set up automatically, and no setup on the webserver), and would cache the static parts of the site on their CDN so might even make it a bit more snappy.
https://dilley.uk/arcade

Stevros
User
Posted: 22 Jul 2019 at 11:01am
Or you could just stay logged in?
WANTED Space invaders PCB Please inbox me!

bobbydilley
User
Posted: 22 Jul 2019 at 6:26pm
Leaving the site as HTTP doesn't just affect username/password plain text logins, it opens up other problems such as MITM attacks allowing public WiFi etc. to insert adverts, cryptominers, popups etc.
https://dilley.uk/arcade
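
The two risks raised so far in the thread (a password form submitted over plain HTTP, and page content that can be altered in transit) can be checked for on any saved page. The following is an added example, not code from the forum or its posters; the host name, paths, sample HTML and finding labels are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags that pull in active content, and the attribute holding the URL.
EMBED_ATTR = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}

class CleartextAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []        # (label, url) tuples; labels are made up here
        self.form_action = None   # resolved action while inside a <form>

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # An empty or missing action posts back to the page itself.
            self.form_action = urljoin(self.page_url, a.get("action") or "")
        elif tag == "input" and self.form_action is not None \
                and (a.get("type") or "").lower() == "password":
            if urlsplit(self.form_action).scheme == "http":
                self.findings.append(("password-sent-in-clear", self.form_action))
            elif urlsplit(self.page_url).scheme == "http":
                # HTTPS target, but the form itself arrived unprotected.
                self.findings.append(("login-form-tamperable", self.page_url))
        elif tag in EMBED_ATTR and a.get(EMBED_ATTR[tag]):
            src = urljoin(self.page_url, a[EMBED_ATTR[tag]])
            if urlsplit(src).scheme == "http":
                self.findings.append(("embed-over-http", src))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_action = None

def audit(page_url, html):
    parser = CleartextAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page: relative URLs inherit the scheme of the page.
SAMPLE_HTML = """
<form action="login.asp" method="post">
  <input type="text" name="user"><input type="password" name="pw">
</form>
<script src="/js/forum.js"></script>
<iframe src="https://video.example/embed/1"></iframe>
"""

if __name__ == "__main__":
    for url in ("http://forum.example/forum/t1.html", "https://forum.example/forum/t1.html"):
        print(url, audit(url, SAMPLE_HTML))
```

Because the form action and script path are relative, serving the same markup from an `https://` URL clears both findings without touching the HTML.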

r-type
User
Posted: 24 Oct 2019 at 7:57pm
Is there any news on this subject? - Be good to get things locked down properly.

Nes4life
Senior Members
Posted: 24 Oct 2019 at 8:36pm
https://doesmysiteneedhttps.com

Please sort this out. Please.
No, seriously.

Edited by Nes4life - 24 Oct 2019 at 8:44pm
NES4Life
-------------

digweed
User
Posted: 25 Oct 2019 at 3:26pm
^^ this Thumbs Up
Wanted: Space

Chunksin
Senior Member
Posted: 25 Oct 2019 at 4:22pm
If setting up letsencrypt/certbot is too much of a hassle, how about https://comodosslstore.com/uk/positivessl.aspx - £22 for 4 years, I'll offer to pay if that helps!

funhouse
Senior Member
Posted: 12 Nov 2019 at 7:42pm
I see a new 'Secure Site' logo on the left bottom side of the front page but clicking for me goes to:

File Not Found

The requested URL /vulnerability-scanner-verification/www.ukvac.com was not found on this server.

Are we headed for HTTPS sometime soon?

Nes4life
Senior Members
Posted: 20 Jan 2020 at 1:04pm
Admins, it's now 2020. Please have someone spend an hour on this and turn HTTPS back on.
It's free (or cheap) to do and it's easy. I did it for a friend's site in under half an hour with just the free tools supplied by the domain host.

Bringing security and peace of mind to the 5000+ members of UKVac is well worth it.
Thumbs Up
NES4Life
-------------

ianski
Senior Member
Posted: 20 Jan 2020 at 2:50pm
+1 for this. It's only a matter of time before my workplace stop vac from running, then how am I gonna surf the forum while at work? Also, security is something to not compromise on I reckon.
My cabs: Track and Field, Mr.Do, Pacmania, Space Ace, Gorf, Jungle King, Astron Belt, Gyruss, OutRun, Frogger, Defender, Return of the Jedi.

Nes4life
Senior Members
Posted: 22 Jan 2020 at 2:30pm
Admins, please can you respond to this thread? 
Any sort of update would be very welcome Smile
NES4Life
-------------

DanP
Admin Group
Posted: 22 Jan 2020 at 4:10pm
Hi guys,

Look we know this needs doing. We will get round to it but currently our time is 100% taken with maintaining the site (which trust me is not trivial) and working on the migration to a new forum (which is a massive task). We all have real jobs and kids, we're not just sitting on our backsides ignoring you, we're working at our real jobs, fixing this site, ferrying kids around, etc. We'd love to be able to devote our time exclusively to this but that's just not feasible for now.

Please bear with us, we're doing the best we can and eod that's all we can do. We understand and share your concerns and we do appreciate you pointing any issues like this out.

Cheers,

Dan

L_____E_____T
User
Posted: 11 Feb 2020 at 12:44pm
Not to add undue pressure but the site today auto downloaded a .SWF file on Chrome for me that was deemed unsafe.  
This was after a fresh wipe of Chrome, and happened once I signed in here.  Windows 10 deemed it unsafe so I don't think this is a regular cookie.  

But granted, I am not a web developer etc.

Very much understand the time constraints (I'm in the same boat myself) but I thought this looked new.


Edited by L_____E_____T - 11 Feb 2020 at 12:45pm
www.FamicomWorld.com

Alpha1
Admin Group
Posted: 11 Feb 2020 at 1:13pm
SSL will come back once we've done the forum migration. Which is being worked on. For now if this is a concern use a unique password for VAC.
Wanted: Time Traveller, GALAXIAN 3 THEATER, 80's Namco & Taito games

Eddhorse
User
Posted: 12 Feb 2020 at 11:54am
I also get the SWF flash file download which I decline.
Not sure where that is coming from.

Either way keep up the great work on the site anyways guys :)

big10p
Senior Member
Posted: 12 Feb 2020 at 12:01pm
I only get this issue on this thread, due to the non-working video link (I assume).

Edited by big10p - 12 Feb 2020 at 12:03pm

Eddhorse
User
Posted: 12 Feb 2020 at 12:13pm
Ah yes that's the one, makes sense.

The link is https://www.youtube.com/v/VKxcw4MGXxg

And the file downloading is "VKxcw4MGXxg.swf"

So the filename is similar. Needs to use the YouTube tags I guess instead of the iframe tag?


Edited by Eddhorse - 12 Feb 2020 at 12:17pm

L_____E_____T
User
Posted: 12 Feb 2020 at 1:13pm
Odd thing is, I had a .SWF download before landing on this thread - I then came to report it here.

Sounds like it's innocent but like I said I'm not a web developer, just wanted to flag it in case.  
www.FamicomWorld.com