Carman Fox

Perb does not have a secure login?

Quarter Mile'r

Injected and Blown
May 17, 2005
3,596
134
63
Out of Town
WTF? I get this message when I go to put in my user name and password.

I get a warning message that my user name and password are not secure logging on.

This is a new feature that is available starting in Firefox version 51.
Firefox will display a grey lock icon with a red strike-through in the address bar, when a login page you’re viewing does not have a secure connection. This is to inform you that if you enter your password it could be stolen by eavesdroppers and attackers.

Starting in Firefox version 52, you will also see a warning message when you click inside the login box to enter a username or password.

Nice to know that this is not a secure site to log in to. Geeeeesh!



.........................QM'r
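
A simplified version of the check the Firefox warning quoted above describes, as an added example that is not part of the original post and not Firefox's own code: it flags any password field on a page loaded over plain HTTP, or whose form submits to an `http://` URL. The class and function names and the `example.test` URLs are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class LoginFormFinder(HTMLParser):
    """Collect the form action for every password input found in the page."""

    def __init__(self):
        super().__init__()
        self._in_form = False
        self._action = None        # action of the form currently open, if any
        self.password_forms = []   # one action per password field ("" = same page)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._in_form, self._action = True, a.get("action") or ""
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            # A password field outside any form still counts: script can send it.
            self.password_forms.append(self._action if self._in_form else "")

    def handle_endtag(self, tag):
        if tag == "form":
            self._in_form, self._action = False, None


def audit_login_page(page_url, html):
    """Return a list of findings; an empty list means no cleartext exposure."""
    finder = LoginFormFinder()
    finder.feed(html)
    findings = []
    for action in finder.password_forms:
        target = urljoin(page_url, action)   # resolve relative actions
        if urlsplit(page_url).scheme != "https":
            # Page itself is cleartext: the form can be read or altered in transit.
            findings.append(("page-not-https", page_url))
        elif urlsplit(target).scheme != "https":
            # Secure page, but the credentials are posted over plain HTTP.
            findings.append(("submits-to-http", target))
    return findings


# Constructed sample markup (example.test is a placeholder host).
FORM = ('<form action="{}" method="post"><input name="u">'
        '<input type="password" name="p"></form>')
if __name__ == "__main__":
    for url, act in [("http://forum.example.test/login", "/login.php"),
                     ("https://forum.example.test/login", "http://forum.example.test/login.php"),
                     ("https://forum.example.test/login", "/login.php")]:
        print(url, act, audit_login_page(url, FORM.format(act)))
```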
 

hankmoody

Well-known member
Aug 12, 2014
1,007
70
48
I get the same thing on CAF.
The admin there tells me that SSL is only to prevent submitted content from being seen.

You are posting on a public forum information that will be seen.

Passwords are encrypted server side in a 2 part cipher.

There is no reason for SSL which is why we have never used it.
 
Warl0ck

Like to comment on this.

This is nonsense. If TLS is not instituted for login then the passwords of all users (mods included) are transmitted in the clear. The result is any bush league hacker can "man in the middle" the site and capture all the credentials. Further, if you were using public wireless and I had taken control of it (can be done easily at a typical cafe) I could steal our credentials. Fuck, I could park outside your house, hack your wireless and steal your credentials. This is basic web development 101.
 

hankmoody

Well-known member
Aug 12, 2014
1,007
70
48
Ya well that's a copy and paste on their admin's response. Minus the condescending part where they said that's common knowledge and seemed offended I even mentioned it.
 
Warl0ck

Well not sure what to say. If a moderator of a site feels that allowing credentials (username and password) to be transmitted in the clear is good practice they have no idea what they're talking about. I challenge them to find a single security analyst that would agree with them. The same site was the target of a major hack and then an intense trolling campaign on Twitter. I know this as a fact because it's the reason I joined up with Perb.

tl;dr. Don't go there.
 

hankmoody

Well-known member
Aug 12, 2014
1,007
70
48
Yeah, I wasn't arguing with you. Just stating what I was told.
Does seem odd that they seem so sure it's fine.
 
Warl0ck

I know you're not arguing with me. I'm just shocked someone who runs a site in the sex trade would make such a comment. Does your bank let you log in without encryption? No. Does your insurance company? No. Does Google? No. Does Facebook or Twitter? No. And yet they're advising that it's OK? That's just fucking stupid.
 

hankmoody

Well-known member
Aug 12, 2014
1,007
70
48
Vancouver Escorts