Site "Not Secure" - Page 2
Page 2 of 3 FirstFirst 123 LastLast
Results 21 to 40 of 47
  1. #21
    Join Date
    Jun 2012
    Location
    Suffolk Co, NY, USA
    Posts
    3,626

    Default Re: Site "Not Secure"

    Quote Originally Posted by jcase View Post
    Ah sorry. HTTPS is not worthless at all, it is pretty much the main source of any security for almost all web traffic. Only thing keeping someone from snatching up your bank logins, etc.

    BS not having it means any of the 100s of systems between you and BS could snatch up your BS login details, or read your private messages.
    Post 9 is in response to post 7 but it now sounds as if there may be some value in https on a message board like BS and it's not just for 'sensitive' info sites.
    I'm not capable of evaluating the reasoning put forth in post 7 so must take it at face value.

  2. Remove Advertisements
    BeeSource.com
    Advertisements
     

  3. #22
    Join Date
    Jul 2016
    Location
    Port Angeles, WA, USA
    Posts
    469

    Default Re: Site "Not Secure"

    Quote Originally Posted by clyderoad View Post
    Post 9 is in response to post 7 but it now sounds as if there may be some value in https on a message board like BS then and it's not just for 'sensitive' info sites.
    I'm not capable of evaluating the reasoning put forth in post 7 so must take it at face value.
    I do vulnerability research and exploit development, for forensic firms for a living (I hack things to help recover information). Something left without encryption makes my job a heck of a lot easier. Does the same for people who hack things for malicious purposes.
    Instrumental Insemination & Northern VSH Queens

  4. #23
    Join Date
    Oct 2010
    Location
    Pueblo, Colorado, USA
    Posts
    1,527

    Default Re: Site "Not Secure"

    HTTPS to protect our login info.
    Zone 5 @ 4700 ft. High Desert

  5. #24
    Join Date
    Mar 2007
    Location
    Toronto, Ontario, Canada
    Posts
    328

    Default Re: Site "Not Secure"

    Thanks for your input folks. Again, we do plan on implementing HTTPS on the site, but we are still ironing out some of the details so there is no set ETA as to when it will be added.

    We will let you know when we know more.

    Cheers,

    Erik

  6. #25
    Join Date
    Jun 2013
    Location
    Rensselaer County, NY, USA
    Posts
    5,534

    Default Re: Site "Not Secure"

    Um, a vote here to always consider the "weight" of the site for those of us stuck on low band-width connections, with no other option, not for love nor money. Chief among the current data hogs are heavy ads that push video. I rarely treat myself to any thing like youTube because I just don't have the bandwidth or data capacity (though I have an "unlimited" data plan, which gets throttled down progressively over the course of my billing month.) It realy frost my hide when advertisers use it up for me.

    And another request: I seem to have lost the ability to see the newest threads section that formerly appeared on the page with bee on the purple flower. I had my browser pointing to it, and I get to the page, but the most recent threads space is always blank. I miss that feature as it was how I came to the site each day. I have since found the "new posts" thing, but I like the newest threads better. (Usual report: cleaned cache and cookies, etc., to no avail.)

    Thanks.

    Nancy

  7. #26
    Join Date
    Dec 2008
    Location
    syracuse n.y.
    Posts
    5,232

    Default Re: Site "Not Secure"

    Quote Originally Posted by enjambres View Post
    It realy frost my hide when advertisers use it up for me.
    I'm with Nancy, I have gotten to the point that I only go to a few sites, and the more they use up the less I use, good thing spring is coming so I can spend even more time with the bees.
    mike syracuse ny
    Whatever you subsidize you get more of. Ronald Reagan

  8. #27
    Join Date
    Jul 2016
    Location
    Port Angeles, WA, USA
    Posts
    469

    Default Re: Site "Not Secure"

    Quote Originally Posted by wildbranch2007 View Post
    I'm with Nancy, I have gotten to the point that I only go to a few sites, and the more they use up the less I use, good thing spring is coming so I can spend even more time with the bees.
    Quote Originally Posted by enjambres View Post
    Um, a vote here to always consider the "weight" of the site for those of us stuck on low band-width connections, with no other option, not for love nor money. Chief among the current data hogs are heavy ads that push video. I rarely treat myself to any thing like youTube because I just don't have the bandwidth or data capacity (though I have an "unlimited" data plan, which gets throttled down progressively over the course of my billing month.) It realy frost my hide when advertisers use it up for me.

    And another request: I seem to have lost the ability to see the newest threads section that formerly appeared on the page with bee on the purple flower. I had my browser pointing to it, and I get to the page, but the most recent threads space is always blank. I miss that feature as it was how I came to the site each day. I have since found the "new posts" thing, but I like the newest threads better. (Usual report: cleaned cache and cookies, etc., to no avail.)

    Thanks.

    Nancy
    https won't add a noticeable overhead bandwidth wise, possibly CPU Wise if you are using some 20year old computer or something ridiculous. The overhead of https is less than 2%, you would do better disabling images in your browser, blocking ads, uninstalling flash, or a dozen other things.
    Instrumental Insemination & Northern VSH Queens

  9. #28
    Join Date
    Jun 2013
    Location
    Rensselaer County, NY, USA
    Posts
    5,534

    Default Re: Site "Not Secure"

    Well, my only computer is an older Dell business laptop (but not really old), very sturdy and with pretty lively guts and I have done most of those things you suggest already, but still the internet is getting more heavy by the day. I hate the planned obsolescence of computers. Heck, I don't even have a cell phone. (Not that it would do me any good as I have no reception at my house.)

    Nancy

  10. #29
    Join Date
    Jul 2016
    Location
    Port Angeles, WA, USA
    Posts
    469

    Default Re: Site "Not Secure"

    Quote Originally Posted by enjambres View Post
    Well, my only computer is an older Dell business laptop (but not really old), very sturdy and with pretty lively guts and I have done most of those things you suggest already, but still the internet is getting more heavy by the day. I hate the planned obsolescence of computers. Heck, I don't even have a cell phone. (Not that it would do me any good as I have no reception at my house.)

    Nancy
    Nancy,

    https is the last thing that should be of worry regarding that
    Instrumental Insemination & Northern VSH Queens

  11. #30
    Join Date
    Mar 2007
    Location
    Toronto, Ontario, Canada
    Posts
    328

    Default Re: Site "Not Secure"

    Not much to add at the moment. Seems we're more into the debate, which always makes for an interesting read.

    On our side of things, it's proceeding at pace. We have our fist successful implementation of SSL onto one of our sites recently, so hopefully that means an official roll out schedule will be following soon

    Kevin

  12. #31
    Join Date
    Jan 2015
    Location
    Penobscot County, ME, USA
    Posts
    1,206

    Default Re: Site "Not Secure"

    Quote Originally Posted by rwurster View Post
    HTTPS to protect our login info.
    Hackers steal 45 million VerticalScope accounts

    https://nakedsecurity.sophos.com/201...cope-accounts/
    If you want to be successful, study successful people and do what they do.
    Zone 4a/b

  13. #32
    Join Date
    Mar 2007
    Location
    Toronto, Ontario, Canada
    Posts
    328

    Default Re: Site "Not Secure"

    Quote Originally Posted by BadBeeKeeper View Post
    Hackers steal 45 million VerticalScope accounts

    https://nakedsecurity.sophos.com/201...cope-accounts/
    That was a DB smash and grab from a third party partner we have. SSL would not have prevented that.

    Kyle

  14. #33
    Join Date
    Jul 2016
    Location
    Port Angeles, WA, USA
    Posts
    469

    Default Re: Site "Not Secure"

    Quote Originally Posted by Admin View Post
    That was a DB smash and grab from a third party partner we have. SSL would not have prevented that.

    Kyle
    No, but it shows some security preparedness issues, same thing running without ssl shows. While I have you here, I'm assuming beesource wasn't included in this breach?
    Instrumental Insemination & Northern VSH Queens

  15. #34
    Join Date
    Oct 2010
    Location
    Pueblo, Colorado, USA
    Posts
    1,527

    Default Re: Site "Not Secure"

    Both of the major VerticalScope hacks happened before they acquired BeeSource. Made me wonder though why everyones login and pw were in a central db and not local to each respective forum.
    Zone 5 @ 4700 ft. High Desert

  16. #35
    Join Date
    Jul 2016
    Location
    Port Angeles, WA, USA
    Posts
    469

    Default Re: Site "Not Secure"

    Quote Originally Posted by rwurster View Post
    Both of the major VerticalScope hacks happened before they acquired BeeSource. Made me wonder though why everyones login and pw were in a central db and not local to each respective forum.
    It makes more economical and security sense to run it in one database, assuming it is setup properly.
    Instrumental Insemination & Northern VSH Queens

  17. #36
    Join Date
    Mar 2007
    Location
    Toronto, Ontario, Canada
    Posts
    328

    Default Re: Site "Not Secure"

    We don't keep all of our sites on the same server. We have lots of servers available

    As Kyle said, it was done through a 3rd party partner, which had access to the info on several servers. We've made changes since then, and continue to improve security on our end. SSL is more of a front end security feature, surface level, and while it will be useful to have, is still more of a "would be nice" security feature then a "essential" one.

    Kevin

  18. #37
    Join Date
    Jul 2016
    Location
    Port Angeles, WA, USA
    Posts
    469

    Default Re: Site "Not Secure"

    Quote Originally Posted by Admin View Post
    We don't keep all of our sites on the same server. We have lots of servers available

    As Kyle said, it was done through a 3rd party partner, which had access to the info on several servers. We've made changes since then, and continue to improve security on our end. SSL is more of a front end security feature, surface level, and while it will be useful to have, is still more of a "would be nice" security feature then a "essential" one.

    Kevin
    Kevin,

    As a security professional, that is absolutely not something I would dare be quoted saying. I wouldn't dare be caught saying it was a system or forum admin either! Stating that SSL is a "would be nice" rather than an "essential" security feature is a ridiculous statement.

    It may be a would be nice for you, but lack of it shows a disregard for your users. I'm assuming you understand the purpose of SSL here, so you know darn well what risks you are placing on us by not having it. Some of us pay money to use aspects of your site to conduct business, at the very least we should have access to SSL (Everyone should).

    At least you are hashing the password client side.
    Instrumental Insemination & Northern VSH Queens

  19. #38
    Join Date
    Mar 2007
    Location
    Toronto, Ontario, Canada
    Posts
    328

    Default Re: Site "Not Secure"

    Quote Originally Posted by jcase View Post
    Kevin,

    As a security professional, that is absolutely not something I would dare be quoted saying. I wouldn't dare be caught saying it was a system or forum admin either! Stating that SSL is a "would be nice" rather than an "essential" security feature is a ridiculous statement.

    It may be a would be nice for you, but lack of it shows a disregard for your users. I'm assuming you understand the purpose of SSL here, so you know darn well what risks you are placing on us by not having it. Some of us pay money to use aspects of your site to conduct business, at the very least we should have access to SSL (Everyone should).

    At least you are hashing the password client side.
    Payments are all handled by paypal and SSL, not the site. We do not handle or store any of the information related to your payments on the site other than confirming you paid via paypal to use the classifieds.
    -Philip

  20. #39
    Join Date
    Jul 2016
    Location
    Port Angeles, WA, USA
    Posts
    469

    Default Re: Site "Not Secure"

    Quote Originally Posted by Admin View Post
    Payments are all handled by paypal and SSL, not the site. We do not handle or store any of the information related to your payments on the site other than confirming you paid via paypal to use the classifieds.
    -Philip
    Philip,

    I didn't say anything about payments. You allow people to pay to post ads, and do other business here. I'm one of those people. The login forms for this site are NOT SSL. Stop pretending you offer reasonable security, you don't. There is ZERO reason today that a site shouldn't offer https, zero.

    Your outfit literally called SSL a "would be nice feature". This kind of attitude is exactly why your database got leaked.
    Instrumental Insemination & Northern VSH Queens

  21. #40
    Join Date
    Oct 2010
    Location
    Pueblo, Colorado, USA
    Posts
    1,527

    Default Re: Site "Not Secure"

    Quote Originally Posted by Admin View Post
    That was a DB smash and grab from a third party partner we have. SSL would not have prevented that. Kyle
    Was this 3rd party "partner" held accountable for their actions? Because every article on the 45 million users who lost data the first time, and the 2.7 million users who lost data the second time, never once mentioned that anyone was caught or prosecuted for these hacks. Every article did say the data was "up for sale" both times.

    "In its official statement to Krebs, Vertical Scope noted that the intruders obtained access to all individual websites files but did not provide exclusive details about who conducted the attack and when did the data breach occur."

    So stealing data is ok from your partners or kyle is full of "it" or what's the deal? And then there's the malicious advertisements. Almost every time I've encountered malicious advertisements, I've been on a sketchy site to begin with. Which begs the question, do you guys care about your users? Because Kyle knows one of the data breaches was from a 3rd party partner who tried to sell said data and suffered no consequences for their actions.
    Seems more like the VerticalScope team is just blowing smoke and doesn't have anything under control, specifically their users interests in keeping their personal data safe. And that's my concern, my personal data.

    Then there's the malicious ads...
    Last edited by rwurster; 04-04-2018 at 06:44 PM.
    Zone 5 @ 4700 ft. High Desert

Page 2 of 3 FirstFirst 123 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •