CKA Forums
Login 
canadian forums
bottom
 
 
Canadian Forums

Author Topic Options
Online
CKA Moderator
CKA Moderator
 Vancouver Canucks


GROUP_AVATAR
User avatar
Profile
Posts: 63925
PostPosted: Thu Apr 20, 2017 8:59 am
 


The conservative web site Free Republic today removed a post from one of their users who complained about several security issues on the site.

The comment from the administrator who removed the post was, "Loose lips sink ships".

Which does fuck all to address the critical security problems on the site.

To defy the pathetic attempt to cover up and censor a legitimate concern about security on that site I am reposting the post here so it will be searchable on the web.

Quote:
FR needs a security overhaul!
20 April 2017 | Rarest IA

Posted on ‎4‎/‎20‎/‎2017‎ ‎8‎:‎39‎:‎56‎ ‎AM by rarestia

Many of us in the IT industry love FR and browse regularly. However, as an IT security professional and a strong supporter of Internet privacy, I need to start asking that FR's technical team evaluate and upgrade their web security.

FR does not use SSL/TLS to secure our connectivity. This means that everything you do on FR, even your login, is passed in clear text. Further, the certificates used to secure the donation page are using TLS1.0 which is sorely out-of-date and a known attack vector for hackers and thieves.

Please JimRob and the rest of the FR IT team, update your security! I may continue to browse, but I cannot donate to your site if you don't upgrade your certificates. I value my privacy and my bank account too much to risk putting my card numbers across an insecure channel!


Online
CKA Moderator
CKA Moderator
 Vancouver Canucks


GROUP_AVATAR
User avatar
Profile
Posts: 63925
PostPosted: Thu Apr 20, 2017 9:01 am
 


I do not see such issues on CKA although I would love to see the site change from HTTP to HTTPS to prevent passwords and user identities from being intercepted.


Offline
CKA Moderator
CKA Moderator
User avatar
Profile
Posts: 33963
PostPosted: Thu Apr 20, 2017 9:13 am
 


BartSimpson wrote:
I do not see such issues on CKA although I would love to see the site change from HTTP to HTTPS to prevent passwords and user identities from being intercepted.


I agree with you there. And any site that still uses MD5 for encryption is going to get hacked. Not talking about it will not change that.

Even Java now will not run code signed using MD5.


Online
CKA Moderator
CKA Moderator
 Vancouver Canucks


GROUP_AVATAR
User avatar
Profile
Posts: 63925
PostPosted: Thu Apr 20, 2017 9:59 am
 


[B-o]


Post new topic  Reply to topic  [ 4 posts ] 



Who is online

Users browsing this forum: No registered users and 1 guest




 
     
All logos and trademarks in this site are property of their respective owner.
The comments are property of their posters, all the rest © Canadaka.net. Powered by © phpBB.