ukVac.com Homepage
Forum Home Forum Home > Forum Info > Suggestions / Bugs / Problems / Help!
  New Posts New Posts RSS Feed - HTTPS removed - passwords unsafe
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

Skin:


HTTPS removed - passwords unsafe

 Post Reply Post Reply
Author
Message
Nes4life View Drop Down
Senior Members
Senior Members
Avatar

4 Years of Supporting ukvac.com!

4 Years of Supporting ukvac.com!



Joined: 02 Jan 2014
Location: Ashford, Kent
Status: Offline
Points: 12982

Feedback: 5
Post Options Post Options   Thanks (1) Thanks(1)   Quote Nes4life Quote  Post ReplyReply Direct Link To This Post Topic: HTTPS removed - passwords unsafe
    Posted: 22 Jul 2019 at 9:17am
I'd like to ask what is being done to add HTTPS back to the forum? 

I understand there was an issue a while back but completely removing HTTPS means that anyone entering their password into the site on a public wifi or network is essentially broadcasting their login details to everyone on that network (packet sniffers are trivial to install and use). Think about that next time you're in StarBucks, at an airport or a train station!

I know this isn't a banking site but I'm sure there's a good number of people reusing a common password that would get you into their email account for example. If you're such a person please read: https://grynersec.com/choosing-secure-memorable-passwords/

This forum is awesome but let's make it secure. I've now made the announcement but it would've been a nice courtesy if someone on the admin team had done so when HTTPS was removed and left as a sticky warning at the top of the site (apologies if this was explained somewhere but I've missed it).

EDIT: Found the thread where I believe HTTPS was removed to resolve the issue. Let's get a proper fix in. http://www.ukvac.com/forum/security-warning-on-mozilla-mac_topic356801.html


Edited by Nes4life - 22 Jul 2019 at 9:20am
NES4Life
-------------
Back to Top
devtty0 View Drop Down
User
User


Joined: 12 Apr 2013
Status: Offline
Points: 444

Feedback: 5
Post Options Post Options   Thanks (0) Thanks(0)   Quote devtty0 Quote  Post ReplyReply Direct Link To This Post Posted: 22 Jul 2019 at 9:26am
For adding trusted,  free certificates https://letsencrypt.org/ works well, and is well established now
wanted :
sega model 3 racing games
namco system 22 racing games
model 3 to naomi psu adapter
Back to Top
bobbydilley View Drop Down
User
User
Avatar

Joined: 31 Jul 2016
Location: Southampton
Status: Offline
Points: 216

Feedback: 0
Post Options Post Options   Thanks (0) Thanks(0)   Quote bobbydilley Quote  Post ReplyReply Direct Link To This Post Posted: 22 Jul 2019 at 10:54am
or using Cloudflare would allow you to use HTTPS from client to cloudflare (simply a change of nameservers and it's setup automatically, and no setup on the webserver), and would cache the static parts of the site on their CDN so might even make it a bit more snappy.
https://dilley.uk/arcade
Back to Top
Stevros View Drop Down
User
User
Avatar

Joined: 22 Jun 2012
Location: New Brighton
Status: Offline
Points: 2037

Feedback: 0
Post Options Post Options   Thanks (0) Thanks(0)   Quote Stevros Quote  Post ReplyReply Direct Link To This Post Posted: 22 Jul 2019 at 11:01am
Or you could just stay logged in?
WANTED Space invaders PCB Please inbox me!
Back to Top
bobbydilley View Drop Down
User
User
Avatar

Joined: 31 Jul 2016
Location: Southampton
Status: Offline
Points: 216

Feedback: 0
Post Options Post Options   Thanks (0) Thanks(0)   Quote bobbydilley Quote  Post ReplyReply Direct Link To This Post Posted: 22 Jul 2019 at 6:26pm
Leaving the site as http doesn’t just effect username/password plain text logins, it opens up other problems such as MITM attacks allowing public WiFi etc. to insert adverts, cryptominers, popups etc.
https://dilley.uk/arcade
Back to Top
r-type View Drop Down
User
User
Avatar

Joined: 26 Mar 2012
Location: Buckingham
Status: Offline
Points: 185

Feedback: 5
Post Options Post Options   Thanks (1) Thanks(1)   Quote r-type Quote  Post ReplyReply Direct Link To This Post Posted: 24 Oct 2019 at 7:57pm
Is there any news on this subject? - Be good to get things locked down properly.

Back to Top
Nes4life View Drop Down
Senior Members
Senior Members
Avatar

4 Years of Supporting ukvac.com!

4 Years of Supporting ukvac.com!



Joined: 02 Jan 2014
Location: Ashford, Kent
Status: Offline
Points: 12982

Feedback: 5
Post Options Post Options   Thanks (2) Thanks(2)   Quote Nes4life Quote  Post ReplyReply Direct Link To This Post Posted: 24 Oct 2019 at 8:36pm
https://doesmysiteneedhttps.com

Please sort this out. Please.
No, seriously.

Edited by Nes4life - 24 Oct 2019 at 8:44pm
NES4Life
-------------
Back to Top
digweed View Drop Down
User
User
Avatar

Joined: 16 May 2015
Location: Bournemouth
Status: Offline
Points: 1283

Feedback: 5
Post Options Post Options   Thanks (0) Thanks(0)   Quote digweed Quote  Post ReplyReply Direct Link To This Post Posted: 25 Oct 2019 at 3:26pm
^^ this Thumbs Up
Wanted: Space
Back to Top
Chunksin View Drop Down
Senior Member
Senior Member
Avatar

5 Years of Supporting ukvac.com!

5 Years of Supporting ukvac.com!



Joined: 28 May 2012
Location: Birmingham
Status: Online
Points: 14448

Feedback: 5
Post Options Post Options   Thanks (0) Thanks(0)   Quote Chunksin Quote  Post ReplyReply Direct Link To This Post Posted: 25 Oct 2019 at 4:22pm
If setting up letsencrypt/certbot is too much of a hassle, how about https://comodosslstore.com/uk/positivessl.aspx - £22 for 4 years, I'll offer to pay if that helps!
Back to Top
funhouse View Drop Down
Senior Member
Senior Member
Avatar

4 Years of Supporting ukvac.com!

4 Years of Supporting ukvac.com!



Joined: 28 Mar 2016
Location: West London
Status: Offline
Points: 10994

Feedback: 5
Post Options Post Options   Thanks (0) Thanks(0)   Quote funhouse Quote  Post ReplyReply Direct Link To This Post Posted: 12 Nov 2019 at 7:42pm
I see a new 'Secure Site' logo on the left bottom side of the front page but clicking for me goes to:

File Not Found

The requested URL /vulnerability-scanner-verification/www.ukvac.com was not found on this server.

Are we headed for HTTPS sometime soon?

Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 1.672 seconds.