|
|
02-21-2019, 11:54 AM
|
#41
|
Member
Name: Bryan
Trailer: Carefree
British Columbia
Posts: 94
|
Quote:
Originally Posted by Glenn Baglo
I have a different password for my banking. Another for any site involving potential purchases and another for social media.
Simple as that.
|
Good Glen...then you are safe!
|
|
|
02-21-2019, 12:07 PM
|
#42
|
Member
Name: Bryan
Trailer: Carefree
British Columbia
Posts: 94
|
Quote:
Originally Posted by Daniel A.
The lock symbol you sometimes see in your browser bar, refers to financial transaction security. We don't take any payments on this website, so that's technically unnecessary.
|
Incorrect. it means that the data transmission between the browser and server is encrypted. This is of course important for financial transactions, but for the reason that your credentials are being passed in plain text for the bad folks to read should they choose to. As I've said - exposed credentials leaves users of this site potentially vulnerable on other sites.
Quote:
Originally Posted by Daniel A.
The only time you need to worry is when you try to visit a site and get a full page block telling you that the website is trying to steal your information and not to proceed further. That means the website is hacked and/or malicious and you should definitely not visit.
|
I'm sorry, but you do not understand web security. Yes..you should avoid those pages, but data and identity theft are very different from infected sites or sites known to have contained infected files. The latter is virus/malware related and the former is not at all. What I am talking about has nothing to do with you r I going to infected sites - it's about credentials that can be stolen and used to hack into your accounts elsewhere - not at all virus/malware related.
Quote:
Originally Posted by Daniel A.
A "not secure" warning in the address bar of the browser is a totally different thing.It just means you should not be inputting sensitive information like your credit card number. That is standard web smarts. Never give anyone your CC number without a lock sign in the address bar.
|
Now you're talking, but you need to add to that - "don't provide your credentials either".
Quote:
Originally Posted by Daniel A.
Web protocol is shifting and trying to get everyone to switch to https security (the lock symbol in your browser bar).
|
It has shifted and this is NOT about getting anyone using your site to do anything different. It has to do with you guys making sure the web server your site runs in forces the URL to switch to HTTPS if someone tries to visit the page with HTTP. As I've already said - a setting in IIS can be changed and then HTTPS (SSL) if forced site wide. Then things are secure...nobody can accidentally end up submitting sensitive data via an unencrypted connection.
Quote:
Originally Posted by Daniel A.
Having a good anti-virus program on your computer ie I use Kaspersky plus changing passwords for different sites will go a long way.
|
Good advice for sure, but what about the responsibility of the site owners to not have security holes in the first place??
|
|
|
02-21-2019, 12:17 PM
|
#43
|
Member
Name: Bryan
Trailer: Carefree
British Columbia
Posts: 94
|
Insecure login
It would appear some changes have been made since last night - the insecure vBulletin login page "http://www.fiberglassrv.com/forums/login.php" now redirects to "http://www.fiberglassrv.com/forums".
I pulled the above insecure URL from my browser history from last night - proving I visited that page yesterday without being redirected.
See the attached screenshots of proof that SSL is not being forced and a user can end up on an insecure login page - note the http and the lock with a line through it in my address bar.
|
|
|
02-21-2019, 12:27 PM
|
#44
|
member
Name: J
Isle of Wight
Posts: 536
|
Quote:
Originally Posted by CarefreeLad
It would appear some changes have been made since last night - the insecure vBulletin login page "http://www.fiberglassrv.com/forums/login.php" now redirects to "http://www.fiberglassrv.com/forums".
I pulled the above insecure URL from my browser history from last night - proving I visited that page yesterday without being redirected.
See the attached screenshots of proof that SSL is not being forced and a user can end up on an insecure login page - note the http and the lock with a line through it in my address bar.
|
I just went to view that screenshot - but I was not logged in.
I was asked to log in on an unsecure page..... and it asked for a user ID.
What is going on?
|
|
|
02-21-2019, 12:34 PM
|
#45
|
Member
Name: Bryan
Trailer: Carefree
British Columbia
Posts: 94
|
Quote:
Originally Posted by widgetwizard
I just went to view that screenshot - but I was not logged in.
I was asked to log in on an unsecure page..... and it asked for a user ID.
What is going on?
|
Exactly!! I think there are still links to force logon that take you to that insecure page that asks for user ID. What you found is the page I can no longer get to - the vBulletin login that asks for User ID.
If you can reproduce that....please post the login form URL Widget.
Thanks for the confirmation Widget!
|
|
|
02-21-2019, 12:37 PM
|
#46
|
member
Name: J
Isle of Wight
Posts: 536
|
Quote:
Originally Posted by CarefreeLad
Exactly!! I think there are still links to force logon that take you to that insecure page that asks for user ID. What you found is the page I can no longer get to - the vBulletin login that asks for User ID.
If you can reproduce that....please post the login form URL Widget.
Thanks for the confirmation Widget!
|
Here is a screenshot....
|
|
|
02-21-2019, 12:47 PM
|
#47
|
Member
Name: Bryan
Trailer: Carefree
British Columbia
Posts: 94
|
Thanks! - so that's 2 insecure forms in the wild, but what do I know huh
|
|
|
02-21-2019, 01:19 PM
|
#48
|
Administrator
Trailer: Argosy
Posts: 2,256
|
Thanks for the additional screen shots - looking at this now.
|
|
|
02-21-2019, 01:41 PM
|
#49
|
Member
Name: Bryan
Trailer: Carefree
British Columbia
Posts: 94
|
Quote:
Originally Posted by Janet H
Thanks for the additional screen shots - looking at this now.
|
Anytime Janet - 25 years in the game!
I've learned a few things - been at it since the early side of the mid-90s - seen the dot com bubble form and burst and had a Palm Pilot when nobody knew what the heck they were - handled sensitive data for governments and industry.
Take care
-Bryan
|
|
|
02-21-2019, 03:29 PM
|
#50
|
Senior Member
Name: Daniel A.
Trailer: Bigfoot 17.0 1991 dlx
British Columbia
Posts: 741
|
Quote:
Originally Posted by CarefreeLad
Anytime Janet - 25 years in the game!
I've learned a few things - been at it since the early side of the mid-90s - seen the dot com bubble form and burst and had a Palm Pilot when nobody knew what the heck they were - handled sensitive data for governments and industry.
Take care
-Bryan
|
OH BOY, there is something called social skills.
|
|
|
02-21-2019, 04:04 PM
|
#51
|
Member
Name: Bryan
Trailer: Carefree
British Columbia
Posts: 94
|
Quote:
Originally Posted by Daniel A.
OH BOY, there is something called social skills.
|
So I guess pointing out site flaws and giving advice as to how to fix them, then taking flac for it is anti-social huh. Nice attitude
I was expressing my years of experience doing things that clearly the admins here have not. How is that a social skills issue? I'm offering my help and getting spit on for it.
I am not bot blame - the owners of this site are for failing to properly protect the data of there users here while saying security and privacy are important here.
What the do we say about a "senior member" who gives false information to the users about security - have a look in a mirror Daniel - you are uninformed and making things worse - why freak out at me as opposed to benefit from what I know??
If you guys want some help - more than happy - if not - fine by me.
To other members - PM if you'd like to understand this better - no problem...glad to help as you have helped me.
|
|
|
02-21-2019, 09:27 PM
|
#52
|
Senior Member
Name: Paul
Trailer: '04 Scamp 19D, TV:Tacoma 3.5L 4door, SB
Colorado
Posts: 1,845
|
Everybody has a different way of communicating and being direct, even blunt and referring to one's experience is not bragging or a lack of social skills. I think Bryan is right in this argument and his help should be welcomed.
I see it this way: anything that resembles a form to be filled out on a web page can be a target. It already says "username" and "password", so it should be easy to harvest, if not secure. Same goes for e-mail addresses and phone numbers. How many times do the moderators have to remind people to not use the @ and . symbols pattern, and at least write out the phone numbers in words (misspelling might even improve security). To communicate those items is what the PM system is for, and it most probably is secure (I have not checked, though). Many years before I started to hang out here, this forum was maliciously destroyed, I heard. Let's hope the users and the forum will remain safe.
|
|
|
02-22-2019, 10:09 AM
|
#53
|
Member
Name: Bryan
Trailer: Carefree
British Columbia
Posts: 94
|
Quote:
Originally Posted by Paul O.
Everybody has a different way of communicating and being direct, even blunt and referring to one's experience is not bragging or a lack of social skills. I think Bryan is right in this argument and his help should be welcomed.
I see it this way: anything that resembles a form to be filled out on a web page can be a target. It already says "username" and "password", so it should be easy to harvest, if not secure. Same goes for e-mail addresses and phone numbers. How many times do the moderators have to remind people to not use the @ and . symbols pattern, and at least write out the phone numbers in words (misspelling might even improve security). To communicate those items is what the PM system is for, and it most probably is secure (I have not checked, though). Many years before I started to hang out here, this forum was maliciously destroyed, I heard. Let's hope the users and the forum will remain safe.
|
Thanks Paul - blunt is indeed my middle name ....although much more so in situations like this when I see folks are in potential jeopardy.
For the record....it's safest to simply have SSL applied and forced for the entire site. There was a time long ago that would have slowed down the site - no more. You can try and cherry pick every vulnerable page or just go all in - no cost difference, but simpler and more effective. Given the admins didn't even know this was going on - all in sounds best for sure.
Take care
-Bryan
|
|
|
02-22-2019, 12:56 PM
|
#54
|
Senior Member
Name: Jason
Trailer: Egg Camper
Tennessee
Posts: 329
|
Quote:
Originally Posted by Janet H
There is no place on the site you should be entering a username and password to login if you are using the full browser version of the site. You should always be entering e-mail and password to login.
|
Sorry to sidetrack this discussion on SSL, but WHY did we change from screen name to email for login? It's been a pain in the arse.
Jason
|
|
|
02-22-2019, 04:31 PM
|
#55
|
Senior Member
Trailer: Escape 17 ft
Posts: 8,317
|
Why is it a pain? Log in with your email, click the remember me box and don't log out.
Works for me.
__________________
What happens to the hole when the cheese is gone?
- Bertolt Brecht
|
|
|
02-22-2019, 05:49 PM
|
#56
|
Senior Member
Trailer: 13 ft Scamp
Posts: 1,773
|
I agree w/ Glen
Easy peezy
Can’t believe this thread is still an issue
|
|
|
02-25-2019, 09:53 AM
|
#57
|
Senior Member
Name: Jason
Trailer: Egg Camper
Tennessee
Posts: 329
|
Hmm, seems like it's time to stop visiting and get rid of my account.
Jason
|
|
|
02-26-2019, 04:30 PM
|
#58
|
Senior Member
Name: Fredrick
Trailer: Escape 21C
Tennessee
Posts: 322
|
Sign in woes
I too have been having to login 3-4 tries for the last month. I seem to get Wrong password memos time after time
|
|
|
02-26-2019, 04:45 PM
|
#59
|
Senior Member
Name: Gordon
Trailer: 2015 Scamp (16 Std Layout 4) with '15 Toyota Sienna LE Tug
North Carolina
Posts: 5,155
|
Quote:
Originally Posted by SilverGhost
Sorry to sidetrack this discussion on SSL, but WHY did we change from screen name to email for login? ...
|
See http://www.fiberglassrv.com/forums/f...oon-87191.html
|
|
|
02-26-2019, 05:34 PM
|
#60
|
Senior Member
Trailer: Escape 17 ft
Posts: 8,317
|
Quote:
Originally Posted by Fred762
I too have been having to login 3-4 tries for the last month. I seem to get Wrong password memos time after time
|
Simple solution. Next time you get logged on, don't log out, ever.
__________________
What happens to the hole when the cheese is gone?
- Bertolt Brecht
|
|
|
|
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
|
|
Thread Tools |
Search this Thread |
|
|
Display Modes |
Linear Mode
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
Similar Threads
|
Thread |
Thread Starter |
Forum |
Replies |
Last Post |
Furnace Lighting Procedure
|
Huck |
Care and Feeding of Molded Fiberglass Trailers |
7 |
04-11-2014 03:25 PM |
Selling Procedure
|
CarolMarie |
Money Matters |
30 |
04-26-2013 06:49 PM |
Furnace procedure
|
Shaidah |
Care and Feeding of Molded Fiberglass Trailers |
22 |
09-20-2011 08:55 AM |
Sign
|
Legacy Posts |
Jokes, Stories & Tall Tales |
14 |
05-11-2003 09:26 AM |
Sign from God
|
Legacy Posts |
Jokes, Stories & Tall Tales |
10 |
01-22-2003 08:48 PM |
|
» Recent Discussions |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
» Upcoming Events |
No events scheduled in the next 465 days.
|
|