Jump to content

Attention HC Admins: HC Forum Connection Not Secure Warning.


audioicon

Recommended Posts

  • Members

Recently I started to noticed that there is no SSL used on the log in Page/Process for this forum.

 

I also started to get warnings last night that the connections for which credentials are sent is not secure.

 

One can simply argue that users can create a throw away account and care less about someone seeing what they are logging in with.

 

I have had serious security concerns about these forums but it is reaching a another lever.

 

The least we can do is use SSL and a simple Captcha.

 

Given the relentless SPAM on these forums, all, one simple have to accidentally click a link and run into some serious issues.

 

I enjoy our community, please don't make me run away.

 

 

 

Link to comment
Share on other sites

  • Members

yeah, the forums aren't secure, don't know if admins here are concerned with security

vBulletin has a fairly poor record when it comes to the number of vulnerabilities found in their software

the fact that threads get hardly any views, but traffic is up, seems to me that it is just bogus accounts that are attacking this place

https://thehackernews.com/2017/12/vbulletin-forum-hacking.html

don't know if admins here are paying attention to this, hopefully so

https://www.vbulletin.org/forum/showthread.php?t=325905

 

 

Link to comment
Share on other sites

  • Members
Are you by chance getting this warning on Firefox?

 

Yes, but Firefox simply goes the distance to make this explicit, however, all browsers are passively indicating that the connection is not secure.

Right now as I type this message, I can see in the top left corner of all browsers that the connection is not secure.

 

In IE, there should be a lock icon and HTTPS Protocol, these are simply not there. This is very similar for Opera.

 

This is simply a new Firefox Update which explicitly informs the users as of version 52:

 

Per Mozilla:

Firefox will display a lock icon with red strike-through [img2=JSON]{"data-align":"none","data-size":"full","src":"http:\/\/www.harmonycentral.com\/\/support.cdn.mozilla.net\/media\/uploads\/gallery\/images\/2015-11-17-12-13-18-2faa61.png"}[/img2] in the address bar when a login page you’re viewing does not have a secure connection. This is to inform you that if you enter your password, it could be stolen by eavesdroppers and attackers.

 

Starting in Firefox version 52, you will also see a warning message when you click inside the login box to enter a username or password.

 

 

Simply put and as you already know, there appears to be no SSL on this forum and while I understand that the issues discussed in these forums are not matters of National Security, I am simply flabbergasted that people are logging or allowed to log into a page which has no encrypted connection.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...