11-09-2017, 11:03 AM | #15 | |
Member
Join Date: Aug 2016
Drives: Red 2013 BRZ Premium 6MT
Location: Chicago, IL
Posts: 58
Thanks: 13
Thanked 24 Times in 16 Posts
Mentioned: 1 Post(s)
Tagged: 0 Thread(s)
|
Quote:
So for example, I just met up with somebody from the forums last night. It could have been a gang that fed me a false location and phone number by intercepting my request to the server to load the message that he gave me and modified it before it was displayed on my screen, and then stabbed me and took my car after meeting up somewhere. Extreme example, but there are creative people that could probably find a successful way to take advantage of members. Historically there have been many, many creative abuses of sites that do not use HTTPS and they vary vastly beyond stealing passwords. |
|
The Following 2 Users Say Thank You to runfrodorun For This Useful Post: | spike021 (11-11-2017), Ultramaroon (11-09-2017) |
11-09-2017, 12:12 PM | #16 |
Senior Member
Join Date: Jul 2014
Drives: 2013 Satin White Pearl BRZ Limited
Location: Thousand Oaks
Posts: 132
Thanks: 11
Thanked 36 Times in 25 Posts
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
|
VPNs and Password Managers for the win. I don't have any duplicate passwords, it's beautiful.
That said, I agree. Should be HTTPS. |
The Following 2 Users Say Thank You to Skeneypoo For This Useful Post: | ScoobsMcGee (11-10-2017), why? (10-08-2018) |
11-09-2017, 02:22 PM | #17 |
義理チョコ
Join Date: Sep 2014
Drives: a 13 e8h frs
Location: vantucky, wa
Posts: 31,865
Thanks: 52,120
Thanked 36,513 Times in 18,917 Posts
Mentioned: 1106 Post(s)
Tagged: 9 Thread(s)
|
It's always the damn Russians.
__________________
|
The Following User Says Thank You to Ultramaroon For This Useful Post: | Tcoat (11-10-2017) |
11-10-2017, 07:51 PM | #18 |
Senior Member
Join Date: Mar 2013
Drives: 2019 Mazda Miata RF
Location: Earth
Posts: 2,105
Thanks: 979
Thanked 1,317 Times in 736 Posts
Mentioned: 23 Post(s)
Tagged: 1 Thread(s)
|
fwiw I use the https everywhere plugin, and ssl on my own NAS.
I agree, anything with a password should use https. |
11-13-2017, 10:44 PM | #19 |
Sporadic Member
Join Date: Nov 2015
Drives: 2016 Halo FR-S M/T
Location: Earth
Posts: 3,145
Thanks: 5,221
Thanked 3,552 Times in 1,746 Posts
Mentioned: 50 Post(s)
Tagged: 33 Thread(s)
|
I actually had this same concern a year ago when this was brought up on the thread concerning the hack on JB Autosport's network.
I ran Wireshark (on a private network of course - NEVER on a public network) to see if I could sniff my password from the packets. Interestingly, what I found was that the password was still somehow encrypted. Maybe this was due to other factors I wasn't aware about, but I was pretty surprised. I think HTTPS is a good idea, but with that said, a lot of people don't really see this as an issue since for them, it's just a forum account with no personal information. As long as people aren't reusing passwords, they should be fine. |
02-25-2018, 05:03 PM | #20 |
Member
Join Date: Feb 2018
Drives: Honda Accord
Location: Laurel, MD
Posts: 12
Thanks: 11
Thanked 1 Time in 1 Post
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
|
Looks like this issue is still not resolved. Looks like this site may not be managed on a continual basis - perhaps someone set it up and then its running purely on user posts to forums.
|
02-25-2018, 11:07 PM | #21 | |
Undisputed El Presidente
Join Date: Jun 2012
Drives: Zenki 37J ZN6
Location: Stockton, CA
Posts: 11,571
Thanks: 9,382
Thanked 9,397 Times in 5,261 Posts
Mentioned: 374 Post(s)
Tagged: 33 Thread(s)
|
Quote:
|
|
02-25-2018, 11:35 PM | #22 | |
Site Moderator
Join Date: Oct 2009
Drives: ichi 86 Project
Location: Middle of No where
Posts: 20,965
Thanks: 7,663
Thanked 19,051 Times in 8,326 Posts
Mentioned: 677 Post(s)
Tagged: 27 Thread(s)
|
Quote:
|
|
02-26-2018, 08:09 AM | #23 |
Senior Member
Join Date: Jul 2014
Drives: 2020 Hakone
Location: London, Ont
Posts: 69,845
Thanks: 61,656
Thanked 108,283 Times in 46,456 Posts
Mentioned: 2495 Post(s)
Tagged: 50 Thread(s)
|
And the person hiding behind a new user name instead of using their normal one is worried about it? Paranoid much?
__________________
Racecar spelled backwards is Racecar, because Racecar.
|
02-26-2018, 10:53 AM | #24 |
Member
Join Date: Feb 2018
Drives: Honda Accord
Location: Laurel, MD
Posts: 12
Thanks: 11
Thanked 1 Time in 1 Post
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
|
Well everyone here has a pseudonym so you dont have to be sarcastic about me hiding behind a new user name. When I login using firefox it warns the password is not encrypted, and https does not work. I agree that there is nothing confidential here and I don't use common passwords on different sites - so it is not a show stopper
|
02-26-2018, 11:11 AM | #25 | |
Senior Member
Join Date: Jul 2014
Drives: 2020 Hakone
Location: London, Ont
Posts: 69,845
Thanks: 61,656
Thanked 108,283 Times in 46,456 Posts
Mentioned: 2495 Post(s)
Tagged: 50 Thread(s)
|
Quote:
__________________
Racecar spelled backwards is Racecar, because Racecar.
|
|
02-27-2018, 04:01 PM | #26 |
Junior Senior with Cheese
Join Date: Aug 2014
Drives: 15 BRZ
Location: York, PA
Posts: 2,998
Thanks: 6,795
Thanked 7,013 Times in 2,337 Posts
Mentioned: 13 Post(s)
Tagged: 2 Thread(s)
|
To be fair, a poorly managed HTTPS site doesn't offer that much more security than plain text, while increasing the complexity. SSL or TLSv1.0 encryption isn't too difficult to attack given the proper circumstances. Unless Hachi or FT-HS go all-in on properly locking down and maintaining the site, simply getting a cert and enabling HTTPS is setting things up to break once that cert expires. Not much else.
|
The Following 3 Users Say Thank You to ScoobsMcGee For This Useful Post: |
|
|
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Does ft86club.com support secure https:// ? | jonnyozero3 | Site Announcements / Questions / Issues | 0 | 04-30-2015 01:16 PM |
https://scontent-a-atl.xx.fbcdn.net/hphotos-xfa1/v/t1.0-9/1796528_366899856806734_765 | jhusey | Forced Induction | 4 | 11-05-2014 09:32 PM |