Author Topic: TEF HTTPS Adoption  (Read 1259 times)
Barry Scott


+23/-18

Posts: 8697




« Reply #15 on: Thursday, November 22, 2018, 22:31:42 »

> It might be a case of having to though as adoption nears full scale. Why would you be against something securing the site further? Also why no certificate update, they're easy enough to obtain?

I'll cross the bridge of having to do when I come to it. If it ever becomes a necessary requirement to use the internet, then I'll see. It won't prevent the issues I'm concerned with as we stand. I'm not against it, I just can't be bothered.

> I'm not having a go btw, I'm just curious as to why? My only concern is that you seem happy for the site traffic to be diverted anywhere and for any use?

I know you're not having a go, I'm not either. It's a friendly discussion and it's all good. Smiley

Please see bold part of reply above as to why.

And if site traffic is being diverted elsewhere then I'll worry about it when that happens. The scenario you describe will either be a hack server-side, or on a user's computer. HTTPS wouldn't prevent either.

> Each to their own. I just thought it was an important matter and the users of the site should be aware.

No worries.

> You might not care but you have a duty of care to the users of the site, as a minimum.

Nope. People are capable of looking after themselves. I don't need to protect them from the internet boogieman. I have many websites, all of which have survived without SSL for a long time. The same as I have several that get hacked regularly, but for the most part those hacks are completely and utterly inert and none have any effect on users at all.

> People scarily don't know enough about this stuff yet are using it every day. On a further note, we could all be being backdoored and not be aware of it.

People don't. But it's nowhere near as bad as you make out. And the majority of people "being backdoored" from websites are people visiting websites they shouldn't and people with little to no knowledge of computers coupled with going bareback. This isn't 15 years ago when no one had firewalls or antivirus and downloaded screensavers and all manner of crap.

Besides, "being backdoored" wouldn't be stopped by SSL, it'd hopefully be stopped by securing your own computer though.

All the SSL is doing is encrypting the passageway between the user and the server. It doesn't stop the server getting hacked. It doesn't stop the user getting a virus. It doesn't stop the user getting fucked by a hacked site or server. It just means it fucks you while encrypted.
bamboonoshoe


+76/-173

Posts: 2553


Chief Feather Ruffler


« Reply #16 on: Thursday, November 22, 2018, 23:57:29 »

Appreciate the time taken to reply in fair detail Barry. Something that seems lost in communication these days is an ability to talk at length (yes some may call it rambling) but it is appreciated.

I'll admit, I don't know everything on the matter but I do know two penetration testers and have had discussions at length about "cyber security" with them. I wasn't trying to scaremonger anyone though. I'm aware that there are more resistant systems in place now, than there were before but these kind of things are better to be talked about.

I agree we shouldn't have to hand hold anyone but such as the net is, many competent adults are left unsecured. Don't get me started on some business "cyber security" protocols, as some are pretty much non-existent. I could tell you a story about a tester sat in the CEO's (of a very large company) email inbox and countless others' personal info, based purely on a password policy of "CAP-one word-number". I won't though because I'll only bore the crap out of you and anyone else reading.

Thanks again.

COYR WAPBRAWA COYR
jayohaitchenn
Wielder of the BANHAMMER


+55/-88

Posts: 10651




« Reply #17 on: Friday, November 23, 2018, 09:31:26 »

Finger on the pulse as always Bamboo.

I raised this with Barry over 2 years ago in the mods forum and we decided then we couldn't be fucked.


* tef.PNG (4.05 KB, 1137x40 - viewed 27 times.)
horlock07


+31281/-27186

Posts: 8446


Lives up north




« Reply #18 on: Friday, November 23, 2018, 09:49:30 »

I don't want to be backdoored......
The Artist Formerly Known as Audrey


+59/-91

Posts: 3617




« Reply #19 on: Friday, November 23, 2018, 09:50:31 »

Don't take on so


bamboonoshoe


+76/-173

Posts: 2553


Chief Feather Ruffler


« Reply #20 on: Friday, November 23, 2018, 14:20:56 »

> Finger on the pulse as always Bamboo.
>
> I raised this with Barry over 2 years ago in the mods forum and we decided then we couldn't be fucked.

Cheers Jayo  Wink

I wasn't aware of the "mods forum". To be honest though, always worth a revisit as many casual internet users aren't aware of this kind of stuff. Even if the implementation has been public for over 4 years.

My last question would be; If you can't be fucked to adopt HTTPS then why have over 85% of sites, to date (static included) been fucked to bother?

Thanks again my good mate Smiley

COYR WAPBRAWA COYR
Simon Pieman
Original Wanker


+31/-32

Posts: 36109




« Reply #21 on: Friday, November 23, 2018, 16:18:54 »

There is probably a lot more for Barry to upgrade and implement than simply a few clicks of a button. For one, the TEF's software would need to be upgraded (which may not be a bad thing) but I seem to recall previous upgrades didn't go very smoothly. What we need to remember is that Barry ensures this forum is hosted and maintained all on his own. Other admin/mods just keep the front end tidy (in theory).

Posts may get intercepted in theory, though it would be pretty bizarre if anyone wanted to do that as they are published for all to see anyway i.e. nobody in their right mind would post their credit card details here.

In terms of passwords, all passwords stored in the server are hashed and they are also hashed on the client side at entry so no plain text is sent between the two.

Those are the reasons why it got left last time.
bamboonoshoe


+76/-173

Posts: 2553


Chief Feather Ruffler


« Reply #22 on: Friday, November 23, 2018, 16:27:19 »

> There is probably a lot more for Barry to upgrade and implement than simply a few clicks of a button. For one, the TEF's software would need to be upgraded (which may not be a bad thing) but I seem to recall previous upgrades didn't go very smoothly. What we need to remember is that Barry ensures this forum is hosted and maintained all on his own. Other admin/mods just keep the front end tidy (in theory).
>
> Posts may get intercepted in theory, though it would be pretty bizarre if anyone wanted to do that as they are published for all to see anyway i.e. nobody in their right mind would post their credit card details here.
>
> In terms of passwords, all passwords stored in the server are hashed and they are also hashed on the client side at entry so no plain text is sent between the two.
>
> Those are the reasons why it got left last time.

Yeah, I appreciate Barry maintains and hosts the TEF by himself. We should all be grateful for that. No question.

RE: Credit card details etc. Of course it would be incredibly naive to post on the main forum but what about those kind of details in Private Messages?  Hmmm

Ok, that gives a bit more clarity on the password side of things, appreciate that.

Thanks Simon.

COYR WAPBRAWA COYR
pauld


+118/-117

Posts: 18714





« Reply #23 on: Friday, November 23, 2018, 23:30:22 »

> RE: Credit card details etc. Of course it would be incredibly naive to post on the main forum but what about those kind of details in Private Messages?  Hmmm

If anyone's stupid enough to post their credit card info in a PM, they need urgent protection and they should immediately post me the details of all their credit cards and bank accounts so I can ensure they are properly protected. I will look after their money for them - I will take great care of it and take it on little trips round the shops.
bamboonoshoe


+76/-173

Posts: 2553


Chief Feather Ruffler


« Reply #24 on: Saturday, November 24, 2018, 01:39:10 »

> If anyone's stupid enough to post their credit card info in a PM, they need urgent protection and they should immediately post me the details of all their credit cards and bank accounts so I can ensure they are properly protected. I will look after their money for them - I will take great care of it and take it on little trips round the shops.

You say that but... Hmmm

COYR WAPBRAWA COYR