Old 01-13-2016, 01:15 AM   #25
PandaSPUR
Join Date: May 2014
Drives: 2015 BRZ Limited CWP
Location: New York City, NY
lol alright.. calm down guys.

It is weird that passwords aren't sent over HTTPS. Doesn't mean that they're not encrypted when stored in the forum's database though. Transferring data over HTTP makes it interceptable if you're on an unsecured network like public wifi hotspots. It is recommended to use separate passwords for your more sensitive accounts though. (i.e. some rando miles away cannot just intercept your password that was sent over HTTP)

And just because the webserver itself is hosted by another company, doesn't mean that FT86SpeedFactory doesn't have any control over the security. More often than not, the security vulnerabilities come from unpatched software being used.

1and1 provides all kinds of web hosting services ranging from turn-key pre-built websites to "here's a server with port 443 and 80 open, deploy whatever you want". I'm assuming a site like FT86SpeedFactory would go with the latter option, meaning they would have full control over their security posture. Even if they did not, I'm sure whatever third-party service they hired to fix this breach would have recommended it.

Shit like this isn't 100% preventable, which is why credit cards have such good fraud protection and you can usually dispute and drop a charge instantly with a phone call. The company will likely get fined for whatever mistakes they made and be required to fix it. Nothing else we can do.
The Following User Says Thank You to PandaSPUR For This Useful Post:
Sarlacc (01-14-2016)