Completely Unsecured Forum?

Status
Not open for further replies.

darkwraith007 (Weaksauce; joined Apr 15, 2004; 76 messages)

Been years since I used [H]ardForums for the first time. I'm much wiser about security than before.

1 - Why isn't the forum login encrypted? At all?
2 - What about the Heartbleed exploit? No info on that either?
3 - How about an option to browse an encrypted (https) version of the forum with a disclaimer that it will be slower than the unencrypted version. Let us make the choice on whether we need it or not. Have an option in the account settings on whether we want to use encryption by default.

Would love a response to this, take care.
 
Thanks for your input. We encrypt all your personal information that we hold on our servers. The simple fact of the matter is that beyond that, the security is not needed.
 
Heartbleed only affected those using OpenSSL/HTTPS. Since [H] doesn't use HTTPS, I would assume they don't use OpenSSL for day-to-day operation outside of administrative necessity, and even then, they might not.
 
At the risk of being modded/banned, I'll say it anyways. I frankly don't give a fuck. Just delete this damn account already rather than have it be hijacked later on.

You are *absolutely* and unequivically WRONG and you are a moron if you don't believe encrypting the forum login is a necessity for every forum (let alone ones that deal with and link to shopping websites).

I doubt you actually encrypt information on the servers because cleartext over the internet is a far tastier target for anyone wanting to do any exploits. Nothing is encrypted on the site so it is all open to whoever wants it!

Welcome to 2014, the post-Snowden era. Welcome to the era of govt-funded cyberwarfare that seeks anything and everything to exploit. Welcome to the black-hat bonanza singularity of easy-access software and open information that allows any script kiddie with a laptop and some free time to destroy a great deal of work that many people have put into these forums (via posts/guides) and on your end with the loss of credibility that comes with it.

I'll let you do a quick internet search for just how wrong you are, but you are absolutely dead wrong. I'm absolutely shocked that any forum mod can be that dense in this day and age. Just...wow. I suppose you still think you're perfectly ok running WinXP with IE6? :p

I do hope you change your mind, otherwise a fantastic resource like this may end up becoming dead weight.

Anyone who actually provides any payment info for a premium membership? LOL...good luck with that.

Goodbye and good riddens. :p
Spelling errors for such a perfectionist?

Are you afraid the man might learn your secrets? Here is your tinfoil hat.

-Sent on my unencrypted, non-secure line to a computer forum.
 
vBulletin by default MD5-hashes and salts user info in the database, so I think he's fine...
 
Payment for Genmay access happens through PayPal ... that whole process is pretty well encrypted.

On the other hand, are logins really not HTTPS ?? :eek:

Oh well. I have a unique password for each and every website anyway. :D
 
Pissing and moaning

What a weird way to throw away a 10 year account. Not once in there did you offer something intelligible or useful stating why we need "more encryption." Besides bashing the owner that post provided nothing.
 
Goodbye and good riddens. :p

Roger that. Account will be closed.

PayPal handles all the money transactions, not our servers. None of that info is here.

If you use your forum password on your bank account, then I can see an issue with no SSL for logging in, but you really can't hold me accountable for that level of insecurity by a user.

And for the record, it is "goodbye and good riddance." Reading is fundamental.

Thanks for playing. We are all out of parting gifts.
 
I've also wondered why the logon process is not encrypted. In the modern age of the Internet, I think that's standard operating procedure. But I agree that keeping a separate username and password for unencrypted sites is a good idea.
 